After thorough discussion, even though a reasonable default is "/", for
platform independence, leave this up to the bundle author.
Also, by this variable being present it makes things explicit for the
runtime.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
The UTS namespace is for hostnames and NIS domain names [1]. Without
a new namespace, the hostname entry would clobber the host
environment's hostname.
Clobbering the host's hostname or a joined-namespace's hostname might
be acceptable for folks who trust their bundles, but it's not allowed
by the "error out if the config specifies anything else related to
that namespace" language that landed in 02b456e9 (Clarify behavior
around namespaces paths, 2015-09-08, #158).
[1]: http://man7.org/linux/man-pages/man7/namespaces.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
we have both styles in the *.md, we should use only one of the styles.
**`name`** is much prettier than **name** in the result,
so we use **`name`**
Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>
If we don't specify this, some bundle-authors or runtime-implementers
might expect the runtime to intelligently order mounts to get the
"right" order [1]. But that's not possible because:
$ mkdir -p a/b/c d/e/f h
# mount --bind a/b h
# mount --bind d a/b
$ tree --charset=ascii h
h
`-- c
But in the other order:
# umount a/b
# umount h
# mount --bind d a/b
# mount --bind a/b h
$ tree --charset=ascii h
h
`-- e
`-- f
So there's no "right" order. Allowing the bundle-author to specify
their intended order is both easy to implement and unambiguous.
[1]: https://github.com/opencontainers/specs/pull/136#issuecomment-137275876
Suggested-by: Lai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: W. Trevor King <wking@tremily.us>
The field is optional, but it's nice to have at least one example of
it in use. The GIDs I've chosen are currently "tty" and "disk" on
Gentoo (1 is "bin"), which may be remotely reasonable choices, but the
values we're using don't really matter without an example filesystem
to provide context.
Signed-off-by: W. Trevor King <wking@tremily.us>
Based on our discussion in-person yesterday it seems necessary to
separate the concept of runtime configuration from application
configuration. There are a few motivators:
- To support runtime updates of things like cgroups, rlimits, etc we
should separate things that are inherently runtime specific from
things that are static to the application running in the container.
- To support the goal of being able to move a bundle between hosts we
should make it clear what parts of the spec are and are not portable
between hosts so that upon landing on a new host the non-portable
options may be rewritten or removed.
- In order to attach a cryptographic identity to a bundle we must not
include details in the bundle that are host specific.
- link to official SemVer page
- link between config.md and config-linux.md and explain relationship
- fix typo (arch -> os)
- tweak formatting of some special characters
- standardise on "filesystem" instead of the previous mix of "file
system" and "filesystem"
- change "Machine-specific" to the more accurate "Platform-specific"
- move towards zeroth article for all field specifications
- grammar tweaks
This moves some of the linux specific options like namespaces and
devices to the linux config document. It also removes processes as an
array and replaces it with a single process.
It adds the "platform" struct for OS and Arch and updates many of the
examples to match the changes. I also remove some of the redundant
windows examples on the portable spec document because they did not add
any extra value and many values were the same.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
We had an in-person spec discussion, lets separate the spec into some
high-level sections to clarify future discussion.
Crosby agreed to let me merge to master :)
Vincent Batts
Lai Jiangshan
Qiang Huang
W. Trevor King
Mrunal Patel
Will Pragnell
Alexander Morozov
Brandon Philips
Jonathan Rudenberg
Jonathan Boulle
Brandon Philips
Michael Crosby
lizf-os