Mainly just moved stuff around, but also tried to add some clarity around
what is required w.r.t. naming and location of files/dirs.
Signed-off-by: Doug Davis <dug@us.ibm.com>
I didn't really change much, just moved some stuff around and expanded
a little more in number 5.
I moved all of the physical shipping container stuff to just the intro
because while it's a cute analogy, repeating it over and over just got
in the way of the real point - and by number 5 we ended up having more text
about shipping containers than our containers - which was just weird.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Moving this tool to https://github.com/vbatts/git-validation so that
iteration on it will not be noise for this project.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
The UTS namespace is for hostnames and NIS domain names [1]. Without
a new namespace, the hostname entry would clobber the host
environment's hostname.
Clobbering the host's hostname or a joined-namespace's hostname might
be acceptable for folks who trust their bundles, but it's not allowed
by the "error out if the config specifies anything else related to
that namespace" language that landed in 02b456e9 (Clarify behavior
around namespaces paths, 2015-09-08, #158).
[1]: http://man7.org/linux/man-pages/man7/namespaces.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
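
The rule in the commit message above (a hostname needs a newly created UTS namespace, and must not be set for a missing or joined one), written as a config check. This is an added example, not part of the commit or the project's code; the `Config`/`Namespace` layout, the JSON keys and the `CheckHostname` helper are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed, simplified config layout (not the spec's own Go types). An empty
// Path means "create a new namespace"; a non-empty Path means "join this one".
type Namespace struct {
	Type string `json:"type"`
	Path string `json:"path,omitempty"`
}

type Config struct {
	Hostname   string      `json:"hostname,omitempty"`
	Namespaces []Namespace `json:"namespaces"`
}

var (
	ErrNoUTS     = errors.New("hostname set without a UTS namespace: would clobber the host's hostname")
	ErrJoinedUTS = errors.New("hostname set with a joined UTS namespace: would clobber that namespace's hostname")
)

// CheckHostname (hypothetical helper) rejects a config whose hostname would
// be written anywhere other than a UTS namespace created for this container.
func CheckHostname(raw []byte) error {
	var c Config
	if err := json.Unmarshal(raw, &c); err != nil {
		return fmt.Errorf("parse config: %w", err)
	}
	if c.Hostname == "" {
		return nil // nothing is written, so no namespace is required
	}
	for _, ns := range c.Namespaces {
		if ns.Type == "uts" && ns.Path != "" {
			return ErrJoinedUTS
		} else if ns.Type == "uts" {
			return nil // new UTS namespace: the hostname stays inside it
		}
	}
	return ErrNoUTS
}

func main() {
	// Constructed sample: hostname set, but no UTS namespace requested.
	fmt.Println(CheckHostname([]byte(`{"hostname":"web","namespaces":[{"type":"pid"}]}`)))
}
```
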
- add information to cgroup resources controllers with examples
- add pids cgroup information and example
- reflect kernel types
Signed-off-by: Antonio Murdaca <runcom@linux.com>
We have both styles in the *.md; we should use only one of the styles.
**`name`** is much prettier than **name** in the result,
so we use **`name`**.
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
By default, Seccomp filters will only permit syscalls to be made using the
native architecture of the kernel. This is fine for most use cases, but breaks
others (such as running 32-bit code in a container on a host with a 64-bit
kernel). This patch adds a field to specify additional architectures which may
make syscalls.
Signed-off-by: Matthew Heon <mheon@redhat.com>
`WeightDevice`, `ThrottleReadBpsDevice`, `ThrottleWriteBpsDevice`,
`ThrottleReadIOpsDevice`, `ThrottleWriteIOpsDevice` are now slices to
well defined structs to allow setting multiple devices in their respective
blkio file. By using a string to represent those values it wasn't possible
to set correct values when multiple devices were passed in the config
(either newline separated or comma separated).
Signed-off-by: Antonio Murdaca <runcom@linux.com>
Kunal mentioned this tool in this thread [1]. There's some discussion
with David Liang of OCT in that thread where Kunal and David seem to
be trying to find common ground and avoid duplicating effort, but both
projects seem to be moving along on their own now. I think we should
link to both, and we can always remove a link later if/when the two
projects get together to provide a common validator framework.
Entries in this list (the first in implementations.md with two entries
in a category) are alphabetical by whatever the first text is in the
entry.
[1]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/B2qQ9itIsgI
Message-Id: <b8554ca7-bc0a-480c-9603-8c4ab3f4fdd6@opencontainers.org>
Signed-off-by: W. Trevor King <wking@tremily.us>