In the degenerate case where the container does not create a user
namespace, the "container namespace" distinction is unimportant, but
the phrasing is still accurate (the container and runtime namespaces
are the same).
Signed-off-by: W. Trevor King <wking@tremily.us>
When this repo was only 'specs', then the generic name was not so bad.
But now there is also the oci-image-spec, so this lines up it's unique
name as well.
This also variablizes the output filename so it will be easier for
release specific names.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
The shorter-than-normal (for the rest of this list) indent landed with
the line in be594153 (Split create and start, 2016-04-01, #384).
Signed-off-by: W. Trevor King <wking@tremily.us>
Restore the line removed by be594153 (Split create and start,
2016-04-01, #384). Without this, GitHub renders the list as a single
paragraph.
Signed-off-by: W. Trevor King <wking@tremily.us>
This wording is descended from 7117ede7 (Expand on the definition of
our ops, 2015-10-13, #225), but the idea is covered generically by
e53a72b (Clarify the operation is not for command-line api,
2016-05-24, #450), so we no longer need a create-specific note.
Especially in the lifecycle docs, where there's already enough going
on without this low-level detail.
Signed-off-by: W. Trevor King <wking@tremily.us>
The README title is:
Open Container Runtime Specification
And the config.md title is:
Container Configuration file
The JSON Schema covering that configuration file should have a
description that combines those two titles without introducing new
language.
Signed-off-by: W. Trevor King <wking@tremily.us>
Use wording from config.md, since the JSON Schema doesn't seem like a
good place to be picking new words.
Signed-off-by: W. Trevor King <wking@tremily.us>
The user-namespace restriction isn't about the root filesystem in
particular. For example, if you bind mount in a second filesystem,
the runtime shouldn't adjust ownership on that filesystem either.
I've also adjusted the old "permissions" to "ownership", since that
more clearly reflects the fields (user and group) that you would
modify if you wanted to adjust for user namespacing.
Signed-off-by: W. Trevor King <wking@tremily.us>
This has been stale since cb2da543 (config: Single, unified config
file, 2015-12-28, #284), when we dropped the attempt to distinguish
between platform-independent and platform-dependent configuration.
Signed-off-by: W. Trevor King <wking@tremily.us>
In dc9daf9 (Makefile: Replace vbatts/pandoc with a PANDOC variable
2016-05-06, #428) I'd misunderstood vbatts/pandoc as a call to a
locally-installed pandoc, when it's actually the name of a Docker
image [1,2]. With this commit, we prefer a local pandoc if one
exists, fall back to Docker and vbatts/pandoc if a local 'docker'
exists, and raise an error if neither 'pandoc' nor 'docker' exist.
[1]: https://github.com/opencontainers/runtime-spec/pull/440
[2]: https://github.com/opencontainers/runtime-spec/pull/428#discussion_r63987603
Reported-by: Qiang Huang <h.huangqiang@huawei.com>
Reported-by: Lai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: W. Trevor King <wking@tremily.us>
The `Errors` section is more like a general description about
runtime, if it's a sub-section of `Operations`, it'll be hard
for both implementations and tests to define what this
`errors` operation really is.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
The old platform.os text had two MUST conditions. The first could
have been read "the runtime MUST generate an error if invoked with a
config.json whose platform.os is incompatible with the host platform"
(which is the direction I'm going with this commit). However, it
could also have been read "the bundle-validator MUST generate an error
if platform.os is incompatible with the content the bundle's other
content (e.g. 'linux' in platform.os, but only Windows binaries in the
bundle's rootfs).
For the second MUST, I doubt we want to require a compliant runtime
support all Go architectures itself. And there is a benefit to
pointing runtime/bundle authors at the Go set, but not much benefit in
making that a hard limit [1,2]. The rewording here follows [2] in
acknowledging that process.arch-matching is something that the config
author and runtime caller have to sort out between themselves and
pointing them at the Go docs and a registration process to avoid
fragmenting the community.
[1]: https://github.com/opencontainers/image-spec/pull/29
[2]: https://github.com/opencontainers/image-spec/pull/60
Signed-off-by: W. Trevor King <wking@tremily.us>
Qiang Huang
W. Trevor King
Mrunal Patel
Michael Crosby
Vincent Batts
Michael Holzheu
Doug Davis
Chris Aniszczyk