Add support for Intel Resource Director Technology (RDT) / Cache Allocation
Technology (CAT). Add L3 cache resource constraints in Linux-specific
configuration.
This is the prerequisite of this runc proposal:
https://github.com/opencontainers/runc/issues/433
For more information about Intel RDT/CAT, please refer to:
https://github.com/opencontainers/runc/issues/433
Signed-off-by: Xiaochen Shen <xiaochen.shen@intel.com>
The:

    "type": [
      "string"
    ]

syntax added in 652323cd (improve seccomp format to be more
expressive, 2017-01-13, #657) is not valid:

    $ ./validate ./config-schema.json <../config.json
    The document is not valid. see errors :
    - linux.seccomp.syscalls.0.names: Invalid type. Expected: string, given: array

Signed-off-by: W. Trevor King <wking@tremily.us>
Fix a JSON typo which snuck in with eb114f05 (Add ambient and bounding
capability support, 2017-02-02, #675).
Signed-off-by: W. Trevor King <wking@tremily.us>
These are literal quotes, and we don't want Markdown to confuse the
underscores with emphasis delimiters [1].
[1]: http://daringfireball.net/projects/markdown/syntax#em
Signed-off-by: W. Trevor King <wking@tremily.us>
Unwind an overly-aggressive backtick replacement from f9dc90b0 (make
link usage consistent across the specification, 2017-02-09, #687).
Signed-off-by: W. Trevor King <wking@tremily.us>
I expect the lifecycle information was removed accidentally in
be594153 (Split create and start, 2016-04-01, #384), because for a
time it seemed like that PR would also be removing hooks. Putting the
lifecycle information back in, I made some tweaks to adjust to the new
environment, for example:
* Put the pre-start hooks after the 'start' call, but before the meat
  of the start call (the container-process exec trigger). Folks who
  want a post-create hook can add one with that name. I'd like to
  have renamed poststop to post-delete to avoid confusion like [1].
  But the motivation for keeping hooks was backwards compatibility [2]
  so I've left the name alone.
* Put each "...command is invoked..." lifecycle entry in its own list
  entry, to match the 'create' list entry.
* Move the rules about what happens on hook failure into the
  lifecycle. This matches pre-split entries like:

      If any prestart hook fails, then the container MUST be stopped and
      the lifecycle continues at step 7.

  and avoids respecifying that information in a second location
  (config.md).
* I added the warning section to try and follow post-split's generic
  "generates an error" approach while respecting the pre-split desire
  to see what failed (we had "then an error including the exit code
  and the stderr is returned to the caller" and "then an error is
  logged").
* I left the state 'id' context out, since Michael didn't want it [3].
* Make runtime.md references to "generate an error" and "log a
  warning" links, so readers have an easier time finding more detail
  on that wording.
Where I reference a section, I'm still using the auto-generated anchor
for that header and not the anchors which were added in 41839d7 (Merge
pull request #707 from mrunalp/anchor_tags, 2017-03-03) and similar.
Mrunal suggested that the manually-added anchors were mainly intended
for the validation tooling [4].
[1]: https://github.com/opencontainers/runtime-spec/pull/395
Subject: Run post-stop hooks before the container sandbox is deleted.
[2]: https://github.com/opencontainers/runtime-spec/pull/483#issuecomment-240568422
Subject: *: Remove hooks
[3]: https://github.com/opencontainers/runtime-spec/pull/532#discussion_r99232480
Subject: Restore hook language removed by create/start split
[4]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/%23opencontainers.2017-03-03.log.html#t2017-03-03T18:02:12
Signed-off-by: W. Trevor King <wking@tremily.us>
This partially reverts #648; after a second thought, I think we
should use spec values that are the same as the kernel API input, see:
https://github.com/opencontainers/runtime-spec/issues/692#issuecomment-281889852
For memory and hugetlb limits *.limit_in_bytes, cgroup APIs take the values
as string, but the parsed values are unsigned long, see:
https://github.com/torvalds/linux/blob/v4.10/mm/page_counter.c#L175-L193
For `cpu.cfs_quota_us` and `cpu.rt_runtime_us`, cgroup APIs take the input
value as signed long long, while `cpu.cfs_period_us` and `cpu.rt_period_us`
take the input value as unsigned long long.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
These are optional on multiple platforms and should be left up to the
runtime/host system for validation.
Closes #470
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>