Reverting 7232e4b1 (specs: introduce the concept of a runtime.json,
2015-07-30, #88) after discussion on the mailing list [1]. The main
reason is that it's hard to draw a clear line around "inherently
runtime-specific" or "non-portable", so we shouldn't try to do that in
the spec. Folks who want to flag settings as non-portable for their
own system are welcome to do so (e.g. "we will clobber 'hooks' in
bundles we run") are welcome to do so, but we don't have to have
to split the config into multiple files to do that.
There have been a number of additional changes since #88, so this
isn't a pure Git reversion. Besides copy-pasting and the associated
link-target updates, I've:
* Restored path -> destination, now that the mount type contains both
source and target paths again. I'd prefer 'target' to 'destination'
to match mount(2), but the pre-7232e4b1 phrasing was 'destination'
(possibly due to Windows using 'target' for the source?).
* Restored the Windows mount example to its pre-7232e4b1 content.
* Removed required mounts from the config example (requirements landed
in 3848a238, config-linux: specify the default devices/filesystems
available, 2015-09-09, #164), because specifying those mounts in the
config is now redundant.
* Used headers (vs. bold paragraphs) to set off mount examples so we
get link anchors in the rendered Markdown.
* Replaced references to runtime.json with references to config.json.
[1]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/0QbyJDM9fWY
Subject: Single, unified config file (i.e. rolling back specs#88)
Date: Wed, 4 Nov 2015 09:53:20 -0800
Message-ID: <20151104175320.GC24652@odin.tremily.us>
Signed-off-by: W. Trevor King <wking@tremily.us>
After thorough discussion, even though a reasonable default is "/", for
platform independence, leave this up to the bundle author.
Also, by this variable being present it makes things explicit for the
runtime.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
The UTS namespace is for hostnames and NIS domain names [1]. Without
a new namespace, the hostname entry would clobber the host
environment's hostname.
Clobbering the host's hostname or a joined-namespace's hostname might
be acceptable for folks who trust their bundles, but it's not allowed
by the "error out if the config specifies anything else related to
that namespace" language that landed in 02b456e9 (Clarify behavior
around namespaces paths, 2015-09-08, #158).
[1]: http://man7.org/linux/man-pages/man7/namespaces.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
we have both styles in the *.md, we should use only one of the styles.
**`name`** is much prettier than **name** in the result,
so we use **`name`**
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
If we don't specify this, some bundle-authors or runtime-implementers
might expect the runtime to intelligently order mounts to get the
"right" order [1]. But that's not possible because:
$ mkdir -p a/b/c d/e/f h
# mount --bind a/b h
# mount --bind d a/b
$ tree --charset=ascii h
h
`-- c
But in the other order:
# umount a/b
# umount h
# mount --bind d a/b
# mount --bind a/b h
$ tree --charset=ascii h
h
`-- e
`-- f
So there's no "right" order. Allowing the bundle-author to specify
their intended order is both easy to implement and unambiguous.
[1]: https://github.com/opencontainers/specs/pull/136#issuecomment-137275876
Suggested-by: Lai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: W. Trevor King <wking@tremily.us>
The field is optional, but it's nice to have at least one example of
it in use. The GIDs I've chosen are currently "tty" and "disk" on
Gentoo (1 is "bin"), which may be remotely reasonable choices, but the
values we're using don't really matter without an example filesystem
to provide context.
Signed-off-by: W. Trevor King <wking@tremily.us>
Based on our discussion in-person yesterday it seems necessary to
separate the concept of runtime configuration from application
configuration. There are a few motivators:
- To support runtime updates of things like cgroups, rlimits, etc we
should separate things that are inherently runtime specific from
things that are static to the application running in the container.
- To support the goal of being able to move a bundle between hosts we
should make it clear what parts of the spec are and are not portable
between hosts so that upon landing on a new host the non-portable
options may be rewritten or removed.
- In order to attach a cryptographic identity to a bundle we must not
include details in the bundle that are host specific.
- link to official SemVer page
- link between config.md and config-linux.md and explain relationship
- fix typo (arch -> os)
- tweak formatting of some special characters
- standardise on "filesystem" instead of the previous mix of "file
system" and "filesystem"
- change "Machine-specific" to the more accurate "Platform-specific"
- move towards zeroth article for all field specifications
- grammar tweaks
This moves some of the linux specific options like namespaces and
devices to the linux config document. It also removes processes as an
array and replaces it with a single process.
It adds the "platform" struct for OS and Arch and updates many of the
examples to match the changes. I also remove some of the redundant
windows examples on the portable spec document because they did not add
any extra value and many values were the same.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We had an in-person spec discussion, lets separate the spec into some
high-level sections to clarify future discussion.
Crosby agreed to let me merge to master :)
W. Trevor King
Qiang Huang
Vincent Batts
Doug Davis
Lai Jiangshan
Mrunal Patel
Will Pragnell
Alexander Morozov
Brandon Philips
Jonathan Rudenberg
Jonathan Boulle
Brandon Philips
Michael Crosby
lizf-os