Commit Graph

26 Commits

Author SHA1 Message Date
W. Trevor King 4b49c64a88 config: Shift oomScoreAdj from linux.resources to process
The only discussion related to this is in [1,2], where the
relationship between oomScoreAdj and disableOOMKiller is raised. But
since 429f936 (Adding cgroups path to the Spec, 2015-09-02, #137)
resources has been tied to cgroups, and oomScoreAdj is not about
cgroups.  For example, we currently have (in config-linux.md):

  You can configure a container's cgroups via the resources field of
  the Linux configuration.

I suggested we move the property from linux.resources.oomScoreAdj to
linux.oomScoreAdj so config authors and runtimes don't have to worry
about what cgroupsPath means if the only entry in resources is
oomScoreAdj.  Michael responded with [4]:

  If anything it should probably go on the process

So that's what this commit does.

I've gone with the four-space indents here to keep Pandoc happy (see
7795661 (runtime.md: Fix sub-bullet indentation, 2016-06-08, #495)),
but have left the existing entries in this list unchanged to reduce
churn.

[1]: https://github.com/opencontainers/runtime-spec/pull/236
[2]: https://github.com/opencontainers/runtime-spec/pull/292
[3]: https://github.com/opencontainers/runtime-spec/pull/137
[4]: https://github.com/opencontainers/runtime-spec/issues/782#issuecomment-299990075

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-05-09 16:46:30 -07:00
zhouhao 79494b2175 schema: Fix the error
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-04-27 13:49:18 +08:00
Mrunal Patel 13895d6074 Merge pull request #775 from q384566678/rootfs-enum
schema: Add enumeration to rootfsPropagation values
2017-04-26 15:59:09 -07:00
Tianon Gravi 138ad89ca8 Merge pull request #768 from wking/optional-syscalls
config-linux: Make linux.seccomp.syscalls OPTIONAL
2017-04-26 08:29:52 -07:00
Qiang Huang ce55de2517 Remove range limit which depends on kernel
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-04-26 22:46:02 +08:00
W. Trevor King 42984e8d3c config-linux: Make linux.seccomp.syscalls OPTIONAL
Before this commit, linux.seccomp.syscalls was required, but we didn't
require an entry in the array.  That means '"syscalls": []' would be
technically valid, and I'm pretty sure that's not what we want.

If it makes sense to have a seccomp property that does not need
syscalls entries, then syscalls should be optional (which is what this
commit is doing).

If it does not make sense to have an empty/unset syscalls then it
should be required and have a minimum length of one.

Before 652323c (improve seccomp format to be more expressive,
2017-01-13, #657), syscalls was omitempty (and therefore more
optional-feeling, although there was no real Markdown spec for seccomp
before 3ca5c6c, config-linux.md: fix seccomp, 2017-03-02, #706, so
it's hard to know).  This commit has gone with OPTIONAL, because a
seccomp config which only sets defaultAction seems potentially valid.

The SCMP_ACT_KILL example is prompted by:

On Tue, Apr 25, 2017 at 01:32:26PM -0700, David Lyle wrote [1]:
> Technically, OPTIONAL is the right value, but unless you specify the
> default action for seccomp to be SCMP_ACT_ALLOW the result will be
> an error at run time.
>
> I would suggest an additional clarification to this fact in
> config-linux.md would be very helpful if marking syscall as
> OPTIONAL.

I've phrased the example more conservatively, because I'm not sure
that SCMP_ACT_ALLOW is the only possible value to avoid an error.  For
example, perhaps a SCMP_ACT_TRACE default with an empty syscalls array
would not die on the first syscall.  The point of the example is to
remind config authors that without a useful syscalls array, the
default value is very important ;).

Also add the previously-missing 'required' property to the seccomp
JSON Schema entry.

[1]: https://github.com/opencontainers/runtime-spec/pull/768#issuecomment-297156102

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-04-25 15:06:57 -07:00
zhouhao a084798c96 schema: Add enumeration to rootfsPropagation values
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-04-21 13:29:13 +08:00
Qiang Huang ec9449187b Set specs value the same as kernel API input
This partially reverts #648; after a second thought, I think we
should use specs value the same as kernel API input, see:
https://github.com/opencontainers/runtime-spec/issues/692#issuecomment-281889852

For memory and hugetlb limits *.limit_in_bytes, cgroup APIs take the values
as string, but the parsed values are unsigned long, see:
https://github.com/torvalds/linux/blob/v4.10/mm/page_counter.c#L175-L193

For `cpu.cfs_quota_us` and `cpu.rt_runtime_us`, cgroup APIs take the input
value as signed long long, while `cpu.cfs_period_us` and `cpu.rt_period_us`
take the input value as unsigned long long.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-03-01 09:10:43 +08:00
Ma Shimiao 4100020dfc schema: fix invalid types
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-02-08 16:35:45 +08:00
W. Trevor King 092743727e schema: Drop pointers and nulls
Maintainers feel (and I agree) that there's no point in explicitly
allowing a null value when callers can simply leave the property unset
[1].  This commit removes all references to "pointer" and "null" from
the JSON Schema to support that decision.  While optional properties
may sometimes be represented as pointer types in Go [2], optional
properties should be represented in JSON Schema by not including the
properties in the 'required' array.

[1]: https://github.com/opencontainers/runtime-spec/pull/555#issuecomment-272020515
[2]: style.md "Optional settings should not have pointer Go types"

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-01-23 11:23:44 -08:00
Michael Crosby d5a1269c87 Merge pull request #545 from Mashimiao/fix-blockio-related-validation
fix blkio related validation
2017-01-23 10:32:27 -08:00
Ma Shimiao 1b3e2c7f26 schema: fix invalid string reference
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-01-23 11:49:22 +08:00
Vincent Batts dc0fa75942 Merge pull request #655 from Mashimiao/schema-fix-with-latest-spec
schema: fix items based on latest spec
2017-01-18 17:29:21 -05:00
W. Trevor King 83200898a1 schema: Remove string pointers
Catch up with 868e6310 (Remove string pointers, 2017-01-12, #653).

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-01-13 07:09:36 -08:00
Ma Shimiao 5076439d49 schema: fix items based on latest spec
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-01-13 13:59:16 +08:00
Ma Shimiao 58832f9148 config-linux: remove unneeded null for array
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-01-12 14:59:40 +08:00
Ma Shimiao a04cce97ea fix blkio related validation
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2017-01-12 14:56:27 +08:00
Mrunal Patel a3dd52f583 Merge pull request #646 from q384566678/json-test
Perfect json content
2017-01-11 14:24:24 -08:00
zhouhao 2d5e0df2f0 Perfect json content
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-01-06 10:34:38 +08:00
Qiang Huang 082e93a2bd Allow negative value for some resource fields
Carry #499

For these values, cgroup kernel APIs accept -1 to set
them as unlimited, as docker and runc all support
update resources, we should not set drawbacks in spec.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-01-05 19:03:57 +08:00
W. Trevor King 90be62f150 schema: Run 'make fmt'
This should probably be part of our CI testing.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-08-30 15:46:26 -07:00
Mrunal Patel b860409a5a Merge pull request #546 from Mashimiao/seccomp-remove-unneeded-item
remove unneeded item from seccomp
2016-08-30 15:43:59 -07:00
Ma Shimiao 60672c0b3c add devices for resources and DeviceCgroup
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-08-30 13:31:01 +08:00
Ma Shimiao 7d22f1c244 remove unneeded item from seccomp
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-08-29 15:33:23 +08:00
Haiyan Meng da3b96e996 Add missing `"type": "object"`
Signed-off-by: Haiyan Meng <haiyanalady@gmail.com>
2016-08-10 17:14:25 -04:00
W. Trevor King 59ede1a6ac schema: Move schema.json -> config-schema.json and similar
To make it clear that these schemas are for validating config.json
(and not, for example, state JSON).  I've left the IDs alone for now,
because my PR adjusting those was rejected [1].

The rule for the -schema portion is "use it for entrypoint files" [2].

[1]: https://github.com/opencontainers/runtime-spec/pull/453
[2]: https://github.com/opencontainers/runtime-spec/pull/481#issuecomment-223641814

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00