Based on our in-person discussion yesterday, it seems necessary to
separate the concept of runtime configuration from application
configuration. There are a few motivators:
- To support runtime updates of things like cgroups, rlimits, etc., we
should separate things that are inherently runtime specific from
things that are static to the application running in the container.
- To support the goal of being able to move a bundle between hosts we
should make it clear what parts of the spec are and are not portable
between hosts so that upon landing on a new host the non-portable
options may be rewritten or removed.
- In order to attach a cryptographic identity to a bundle we must not
include details in the bundle that are host specific.

Add a note describing that the names of directories in the bundle are
arbitrary and referenced from the configuration, but conventional names
(like "rootfs" and "signatures") should be used.

- Move to a single root filesystem, as the configuration specification now
  only supports a single process
- Clarify that signatures are just another kind of content directory
- Cross-reference configuration specification for config.json

We had an in-person spec discussion; let's separate the spec into some
high-level sections to clarify future discussion.

Crosby agreed to let me merge to master :)