57a587635d
Merge pull request #701 from wking/optional-process
...
config: Make process optional
2017-05-10 15:03:06 -07:00
60fa44d737
Merge pull request #703 from Mashimiao/schema-fix-user
...
schema: add username for user field
2017-05-10 08:14:36 -07:00
4b49c64a88
config: Shift oomScoreAdj from linux.resources to process
...
The only discussion related to this is in [1,2], where the
relationship between oomScoreAdj and disableOOMKiller is raised. But
since 429f936#137 )
resources has been tied to cgroups, and oomScoreAdj is not about
cgroups. For example, we currently have (in config-linux.md):
You can configure a container's cgroups via the resources field of
the Linux configuration.
I suggested we move the property from linux.resources.oomScoreAdj to
linux.oomScoreAdj so config authors and runtimes don't have to worry
about what cgroupsPath means if the only entry in resources is
oomScoreAdj. Michael responded with [4]:
If anything it should probably go on the process
So that's what this commit does.
I've gone with the four-space indents here to keep Pandoc happy (see
7795661#495 ),
but have left the existing entries in this list unchanged to reduce
churn.
[1]: https://github.com/opencontainers/runtime-spec/pull/236
[2]: https://github.com/opencontainers/runtime-spec/pull/292
[3]: https://github.com/opencontainers/runtime-spec/pull/137
[4]: https://github.com/opencontainers/runtime-spec/issues/782#issuecomment-299990075
Signed-off-by: W. Trevor King <wking@tremily.us>
2017-05-09 16:46:30 -07:00
a4ff8879bc
schema: add username for user field
...
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-02-28 17:58:08 +08:00
c41ea83d84
config: Make process optional
...
Since be59415#384 ), it's
possible for a container process to never execute user-specified code
(e.g. you can call 'create', 'kill', 'delete' without calling
'start'). For folks who expect to do that, there's no reason to
define process.args.
The only other process property required for all platforms is 'cwd',
but the runtime's idler code isn't specified in sufficient detail for
the configuration author to have an opinion about what its working
directory should be.
On Linux and Solaris, 'user' is also required for 'uid' and 'gid'. My
preferred approach here is to make those optional and define defaults
[1,2]:
If unset, the runtime will not attempt to manipulate the user ID
(e.g. not calling setuid(2) or similar).
But the maintainer consensus is that they want those to be explicitly
required properties [3,4,5]. With the current spec, one option could
be to make process optional (with the idler's working directory
unspecified) for OSes besides Linux and Solaris. On Windows, username
is optional, but that was likely accidental [6].
So an unspecified 'process' would leave process.cwd and process.user
unset. What that means for the implementation-defined container
process between 'create' and 'start' is unclear, but clarifying how
that is handled is a separate issue [7] independent of whether
'process' is optional or not.
[1]: https://github.com/opencontainers/runtime-spec/pull/417#issuecomment-216076069
[2]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/DWdystx5X3A
Subject: Exposing platform defaults
Date: Thu, 14 Jan 2016 15:36:26 -0800
Message-ID: <20160114233625.GN6362@odin.tremily.us>
[3]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-04-17.00.log.html#l-44
[4]: https://github.com/opencontainers/runtime-spec/pull/417#issuecomment-216937010
[5]: https://github.com/opencontainers/runtime-spec/pull/417#issuecomment-216937090
[6]: https://github.com/opencontainers/runtime-spec/issues/618#issuecomment-277105273
[7]: https://github.com/opencontainers/runtime-spec/pull/700
Signed-off-by: W. Trevor King <wking@tremily.us>
2017-02-27 12:39:14 -08:00
ec49ba1ada
remove mounts from required
...
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-02-27 09:29:01 +08:00
0a8ef1d7b5
config-schema.json: add required
...
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-02-27 09:27:04 +08:00
eb114f0570
Add ambient and bounding capability support
...
Closes #668
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-02-22 14:47:51 -08:00
4100020dfc
schema: fix invalid types
...
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-02-08 16:35:45 +08:00
a3dd52f583
Merge pull request #646 from q384566678/json-test
...
Perfect json content
2017-01-11 14:24:24 -08:00
2d5e0df2f0
Perfect json content
...
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-01-06 10:34:38 +08:00
a78f255982
config: Explicitly list 'hooks' as optional
...
And make it omitempty, otherwise:
$ ocitools generate --template <(echo '{}')
$ cat config.json | jq -S .
{
"hooks": {},
...
}
To provide space for the type information and 'optional', I've
shuffled the hook docs to follow our usual:
* **`{property}`** ({type}, {when-needed}) {notes}
format. I've kept the separate event-trigger sections (e.g. "###
Prestart") since they go into more detail on the timing, purpose, and
exit handling for the different events (and that seemed like too much
information to put into the nested lists).
I've replaced the Go reference from 48049d2#255 ) with POSIX references (following the
new process docs) to address pushback against referencing Go [1,2] in
favor of POSIX links [3]. Rob Dolin had suggested
"platform-appropriate" wording [4], but it seems like Visual Studio
2015 supports execv [5], and providing an explicit
"platform-appropriate" wiggle seems like it's adding useless
complication.
[1]: https://github.com/opencontainers/runtime-spec/pull/427#discussion_r62362761
[2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-18-17.01.log.html#l-46
[3]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-18-17.01.log.html#l-52
[4]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-18-17.01.log.html#l-54
[5]: https://msdn.microsoft.com/en-us/library/886kc0as.aspx
Signed-off-by: W. Trevor King <wking@tremily.us>
2017-01-04 14:12:16 -08:00
dc8f2c2e6e
Add support for Windows-based containers
...
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-22 12:13:04 -07:00
d7b8877547
config: Consistent Markdown/Go/JSON-Schema wording for 'root'
...
I've also added our usual:
(<type>, <required|optional>)
to the Markdown so folks can see that this is a required object.
Signed-off-by: W. Trevor King <wking@tremily.us>
2016-08-03 00:16:24 -07:00
a3126aa342
schema/defs.json: Pull annotations over from config-schema.json
...
So we can use it in the coming state-schema.json without duplication.
I dropped the "id" because none of the other defs.json entries had an
ID.
Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
28cbd4dd8e
schema/defs.json: Pull ociVersion over from config-schema.json
...
So we can use it in the coming state-schema.json without duplication.
While I'm touching it, I updated the spec title to match the project
README's header. I also dropped the "id" because none of the other
defs.json entries had an ID.
Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
59ede1a6ac
schema: Move schema.json -> config-schema.json and similar
...
To make it clear that these schemas are for validating config.json
(and not, for example, state JSON). I've left the IDs alone for now,
because my PR adjusting those was rejected [1].
The rule for the -schema portion is "use it for entrypoint files" [2].
[1]: https://github.com/opencontainers/runtime-spec/pull/453
[2]: https://github.com/opencontainers/runtime-spec/pull/481#issuecomment-223641814
Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
Michael Crosby
Tianon Gravi
W. Trevor King
Ma Shimiao
zhouhao
Mrunal Patel
John Howard