The former definition was join "/" when `cgroupsPath` is absent, it's
not clear whether to join the root cgroup or create a sub cgroup under "/".
Join root cgroup would be a bad idea cause that's not what a container
should do. And craete a sub cgroup would be missing definition about what
the cgroup name should that be.
So I think we should leave this to implementations what the default
cgroup path should be.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Cover my action item from this week's OCI call.
Also moved State json out of config.go since its not really part of
the config.json file/config.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Fix a misleading comment for how PidsLimit works when given a limit of
0. In the PIDs controller, a limit of 0 is identical to a limit of 1,
since it is not possible to impose a limit on 0 processes.
As such, it makes no sense to distinguish the two values, rather the
value 0 (which is also the default value of an integer in Go) should
instead indicate no limit (which is the default for all new PIDs
controllers).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Mainly just moved stuff around, but also tried to add some clarity around
what is required w.r.t. naming and location of files/dirs.
Signed-off-by: Doug Davis <dug@us.ibm.com>
I didn't really change much, just moved somes stuff around and expanded
a little more in number 5.
I moved all of the physical shipping container stuff to just the into
because while its a cute analogy, repeating it over and over just got
in the way of the real point - and by number 5 we endedup having more text
about shipping containers than our containers - which was just weird.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Moving this tool to https://github.com/vbatts/git-validation so that
iteration on it will not be noise for this project.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
The UTS namespace is for hostnames and NIS domain names [1]. Without
a new namespace, the hostname entry would clobber the host
environment's hostname.
Clobbering the host's hostname or a joined-namespace's hostname might
be acceptable for folks who trust their bundles, but it's not allowed
by the "error out if the config specifies anything else related to
that namespace" language that landed in 02b456e9 (Clarify behavior
around namespaces paths, 2015-09-08, #158).
[1]: http://man7.org/linux/man-pages/man7/namespaces.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Swapnil Kulkarni (coolsvap)
Qiang Huang
nponeccop
W. Trevor King
Vincent Batts
Alexander Morozov
Mrunal Patel
Lai Jiangshan
Michael Crosby
Liang Chenye
Doug Davis
ChengTiesheng
Aleksa Sarai
Dongsheng Yang
Vishnu kannan
Zefan Li
Mrunal Patel