Mainly just moved stuff around, but also tried to add some clarity around
what is required w.r.t. naming and location of files/dirs.
Signed-off-by: Doug Davis <dug@us.ibm.com>
I didn't really change much, just moved some stuff around and expanded
a little more in number 5.
I moved all of the physical shipping container stuff to just the intro
because while it's a cute analogy, repeating it over and over just got
in the way of the real point - and by number 5 we ended up having more text
about shipping containers than our containers - which was just weird.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Moving this tool to https://github.com/vbatts/git-validation so that
iteration on it will not be noise for this project.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
The UTS namespace is for hostnames and NIS domain names [1]. Without
a new namespace, the hostname entry would clobber the host
environment's hostname.
Clobbering the host's hostname or a joined-namespace's hostname might
be acceptable for folks who trust their bundles, but it's not allowed
by the "error out if the config specifies anything else related to
that namespace" language that landed in 02b456e9 (Clarify behavior
around namespaces paths, 2015-09-08, #158).
[1]: http://man7.org/linux/man-pages/man7/namespaces.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
- add information to cgroup resources controllers with examples
- add pids cgroup information and example
- reflect kernel types
Signed-off-by: Antonio Murdaca <runcom@linux.com>
we have both styles in the *.md, we should use only one of the styles.
**`name`** is much prettier than **name** in the result,
so we use **`name`**
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
By default, Seccomp filters will only permit syscalls to be made using the
native architecture of the kernel. This is fine for most use cases, but breaks
others (such as running 32-bit code in a container on a host with a 64-bit
kernel). This patch adds a field to specify additional architectures which may
make syscalls.
Signed-off-by: Matthew Heon <mheon@redhat.com>
`WeightDevice`, `ThrottleReadBpsDevice`, `ThrottleWriteBpsDevice`,
`ThrottleReadIOpsDevice`, `ThrottleWriteIOpsDevice` are now slices to
well-defined structs to allow setting multiple devices in their respective
blkio file. By using a string to represent those values it wasn't possible
to set correct values when multiple devices were passed in the config
(either newline separated or comma separated).
Signed-off-by: Antonio Murdaca <runcom@linux.com>