- add information to cgroup resources controllers with examples
- add pids cgroup information and example
- reflect kernel types
Signed-off-by: Antonio Murdaca <runcom@linux.com>
we have both styles in the *.md, we should use only one of the styles.
**`name`** is much prettier than **name** in the result,
so we use **`name`**
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
By default, Seccomp filters will only permit syscalls to be made using the
native architecture of the kernel. This is fine for most use cases, but breaks
others (such as running 32-bit code in a container on a host with a 64-bit
kernel). This patch adds a field to specify additional architectures which may
make syscalls.
Signed-off-by: Matthew Heon <mheon@redhat.com>
`WeightDevice`, `ThrottleReadBpsDevice`, `ThrottleWriteBpsDevice`,
`ThrottleReadIOpsDevice`, `ThrottleWriteIOpsDevice` are now slices to
well defined structs to allow setting multiple devices in their respective
blkio file. By using a string to represents those values it wasn't possible
to set correct values when multiple devices were passed in the config
(either newline separated or comma separated).
Signed-off-by: Antonio Murdaca <runcom@linux.com>
Kunal mentioned this tool in this thread [1]. There's some discussion
with David Liang of OCT in that thread where Kunal and David seem to
be trying to find common ground and avoid duplicating effort, but both
projects seem to be moving along on their own now. I think we should
link to both, and we can always remove a link later if/when the two
projects get together to provide a common validator framework.
Entries in this list (the first in implementations.md with two entries
in a category) are alphabetical by whatever the first text is in the
enter.
[1]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/B2qQ9itIsgI
Message-Id: <b8554ca7-bc0a-480c-9603-8c4ab3f4fdd6@opencontainers.org>
Signed-off-by: W. Trevor King <wking@tremily.us>
Mrunal mentioned this during today's meeting, and linking to it will
hopefully reduce the amount of duplicated effort in this area.
Signed-off-by: W. Trevor King <wking@tremily.us>
config_linux.go already has the "_linux" for the go build,
so the build tag in the file is redundant.
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
If we don't specify this, some bundle-authors or runtime-implementers
might expect the runtime to intelligently order mounts to get the
"right" order [1]. But that's not possible because:
$ mkdir -p a/b/c d/e/f h
# mount --bind a/b h
# mount --bind d a/b
$ tree --charset=ascii h
h
`-- c
But in the other order:
# umount a/b
# umount h
# mount --bind d a/b
# mount --bind a/b h
$ tree --charset=ascii h
h
`-- e
`-- f
So there's no "right" order. Allowing the bundle-author to specify
their intended order is both easy to implement and unambiguous.
[1]: https://github.com/opencontainers/specs/pull/136#issuecomment-137275876
Suggested-by: Lai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: W. Trevor King <wking@tremily.us>