config-linux: Lift no-tweaking namespace restriction

This restriction originally landed via 02b456e9 (Clarify behavior
around namespaces paths, 2015-09-08, #158).  The hostname case landed
via 66a0543e (config: Require a new UTS namespace for config.json's
hostname, 2015-10-05, #214) citing the namespace restriction.  The
restriction extended to runtime namespaces in 01c2d55f (config-linux:
Extend no-tweak requirement to runtime namespaces, 2016-08-24, #538).
There was a proposal in-flight to get config-wide consistency around
the no-tweaking concept [1].

In today's meeting, the maintainer consensus was to strike the
no-tweaking restriction [2], which is what I've done here.  I've
removed the ROADMAP entry because this gives folks a way to adjust
existing containers (launch a new container which joins and tweaks the
original).

The hostname entry still mentions the UTS namespace to provide a guard
against accidental foot-gunning.  There was no no-tweaking language
for properties related to other namespaces (e.g. 'mounts').
Maybe the other namespaces have more obvious names.

[1]: https://github.com/opencontainers/runtime-spec/pull/540
[2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2017/opencontainers.2017-01-11-22.04.log.html#l-117

Signed-off-by: W. Trevor King <wking@tremily.us>
W. Trevor King 2017-01-11 15:05:07 -08:00
parent a3dd52f583
commit d43fc428aa
3 changed files with 2 additions and 10 deletions


@ -18,14 +18,6 @@ Could be solved by lifecycle/ops and create/start split discussions
*Owner:* vishh & duglin
### Live Container Updates
Should we allow dynamic container updates to runtime options?
Proposal: make it an optional feature
*Owner:* hqhq (was vishh) robdolinms, bcorrie
### Version Schema
Decide on a robust versioning schema for the spec as it evolves.
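
Review bot: dropping the "Live Container Updates" entry leaves its question ("Should we allow dynamic container updates to runtime options?") answered only in the commit message, not anywhere in the spec. If launching a second container that joins the original's namespaces is the intended way to adjust a running container, say so in the namespaces section of config-linux.md, and state whether that covers every runtime option or only namespace-scoped ones, so the ROADMAP removal does not read as the whole item being resolved.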


@ -39,7 +39,6 @@ The following parameters can be specified to setup namespaces:
If a path is specified, that particular file is used to join that type of namespace.
If a namespace type is not specified in the `namespaces` array, the container MUST inherit the [runtime namespace](glossary.md#runtime-namespace) of that type.
If a new namespace is not created (because the namespace type is not listed, or because it is listed with a `path`), runtimes MUST assume that the setup for that namespace has already been done and error out if the config specifies anything else related to that namespace.
If a `namespaces` field contains duplicated namespaces with same `type`, the runtime MUST error out.
###### Example
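
Review bot: with the sentence "runtimes MUST assume that the setup for that namespace has already been done and error out ..." gone, this section no longer says what a runtime does when the config carries settings for a namespace that is joined by `path` or not listed at all. Because the preceding sentence makes an unlisted type inherit the runtime namespace, such settings may now be applied to a namespace shared with the runtime itself. Suggest replacing the sentence rather than only deleting it, with one that states the runtime applies the settings to the joined or inherited namespace, so implementations do not diverge between applying, ignoring and rejecting them.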


@ -256,7 +256,8 @@ For Windows based systems the user structure has the following fields:
## Hostname
* **`hostname`** (string, OPTIONAL) configures the container's hostname as seen by processes running inside the container.
On Linux, you can only set this if your bundle creates a new [UTS namespace][uts-namespace].
On Linux, this will change the hostname in the [container][container-namespace] [UTS namespace][uts-namespace].
Depending on your [namespace configuration](config-linux.md#namespaces), the container UTS namespace may be the [runtime UTS namespace][runtime-namespace].
### Example
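
Review bot: the two added `hostname` lines use the reference-style links `[container-namespace]` and `[runtime-namespace]`, but no definition for either appears in this hunk, and the commit's 2 additions are exactly these two lines, so nothing defines them here. Check that both labels already exist in config.md's link footer; otherwise link inline as config-linux.md does with `glossary.md#runtime-namespace`. The second line would also guard better against the foot-gun if it spelled out the consequence: when the container UTS namespace is the runtime UTS namespace, setting `hostname` changes the hostname seen by the runtime and by every other process in that namespace.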