39 Commits

Author SHA1 Message Date
Mrunal Patel a3dd52f583 Merge pull request #646 from q384566678/json-test
Perfect json content
2017-01-11 14:24:24 -08:00
Qiang Huang 4b42ec4480 Merge pull request #648 from hqhq/all_negative_value
Allow negative value for some resource fields
2017-01-09 21:00:19 -06:00
zhouhao 2d5e0df2f0 Perfect json content
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
2017-01-06 10:34:38 +08:00
Qiang Huang 082e93a2bd Allow negative value for some resource fields
Carry #499

For these values, cgroup kernel APIs accept -1 to set
them as unlimited, as docker and runc all support
update resources, we should not set drawbacks in spec.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2017-01-05 19:03:57 +08:00
W. Trevor King a78f255982 config: Explicitly list 'hooks' as optional
And make it omitempty, otherwise:

  $ ocitools generate --template <(echo '{}')
  $ cat config.json | jq -S .
  {
    "hooks": {},
    ...
  }

To provide space for the type information and 'optional', I've
shuffled the hook docs to follow our usual:

  * **`{property}`** ({type}, {when-needed}) {notes}

format.  I've kept the separate event-trigger sections (e.g. "###
Prestart") since they go into more detail on the timing, purpose, and
exit handling for the different events (and that seemed like too much
information to put into the nested lists).

I've replaced the Go reference from 48049d2 (Clarify the semantics of
hook elements, 2015-11-25, #255) with POSIX references (following the
new process docs) to address pushback against referencing Go [1,2] in
favor of POSIX links [3].  Rob Dolin had suggested
"platform-appropriate" wording [4], but it seems like Visual Studio
2015 supports execv [5], and providing an explicit
"platform-appropriate" wiggle seems like it's adding useless
complication.

[1]: https://github.com/opencontainers/runtime-spec/pull/427#discussion_r62362761
[2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-18-17.01.log.html#l-46
[3]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-18-17.01.log.html#l-52
[4]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-18-17.01.log.html#l-54
[5]: https://msdn.microsoft.com/en-us/library/886kc0as.aspx

Signed-off-by: W. Trevor King <wking@tremily.us>
2017-01-04 14:12:16 -08:00
Mike Frysinger 7872d3ddff schema: update major/minor types
This matches the config-linux.md spec which says these are both int64.

Signed-off-by: Mike Frysinger <vapier@chromium.org>
2016-11-04 20:10:56 -04:00
John Howard dc8f2c2e6e Add support for Windows-based containers
Signed-off-by: John Howard <jhoward@microsoft.com>
2016-09-22 12:13:04 -07:00
W. Trevor King 90be62f150 schema: Run 'make fmt'
This should probably be part of our CI testing.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-08-30 15:46:26 -07:00
Mrunal Patel b860409a5a Merge pull request #546 from Mashimiao/seccomp-remove-unneeded-item
remove unneeded item from seccomp
2016-08-30 15:43:59 -07:00
Michael Crosby 4a910f0711 Merge pull request #550 from Mashimiao/add-devicecgroup-and-devices
add devices for resources and DeviceCgroup
2016-08-30 13:42:07 -07:00
Ma Shimiao 50f36a4148 add timeout for Hook
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-08-30 13:41:37 +08:00
Ma Shimiao 60672c0b3c add devices for resources and DeviceCgroup
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-08-30 13:31:01 +08:00
Ma Shimiao 7d22f1c244 remove unneeded item from seccomp
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2016-08-29 15:33:23 +08:00
Mrunal Patel 8095e4eb4e Merge pull request #528 from hmeng-19/add_missing_type
Add missing `"type": "object"`
2016-08-17 15:54:40 -07:00
Haiyan Meng da3b96e996 Add missing `"type": "object"`
Signed-off-by: Haiyan Meng <haiyanalady@gmail.com>
2016-08-10 17:14:25 -04:00
W. Trevor King d7b8877547 config: Consistent Markdown/Go/JSON-Schema wording for 'root'
I've also added our usual:

  (<type>, <required|optional>)

to the Markdown so folks can see that this is a required object.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-08-03 00:16:24 -07:00
W. Trevor King f2cc9fdb60 config: Update 'OpenContainer specification' wording
Catch up with the spec title from faad7e0f (README: title rename,
2016-04-04, #365).

Also make the Go comment consistent with the Markdown spec (no need to
maintain two phrasings for the same idea).  The only difference
between the phrasings is now some shuffling at the beginning to start
off with the property name (to keep godoc happy).

The JSON Schema entry (in defs.json) is different too, because it has
to apply to both the configuration and state JSON, so mentioning
"bundle" makes less sense than mentioning "document".

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-08-02 23:41:05 -07:00
Phil Estes 124ce0beeb Add new architectures from libseccomp 2.3.0
Signed-off-by: Phil Estes <estesp@gmail.com>
2016-06-22 17:43:50 -04:00
Lee Calcote dfb85b165a schema/README: Fix links to (config|state)-schema.json
Fix regression respectively introduced in 59ede1a and 59ede1a

The config-schema.json and state-schema.json references were missing "-schema".

Signed-off-by: Lee Calcote <leecalcote@gmail.com>
2016-06-17 12:45:08 -05:00
W. Trevor King 2a5986f7d6 schema/state-schema.json: Add a JSON Schema for the state JSON
The IDs namespace the fields within the OCI, with /runtime to select
the opencontainers/runtime-spec project, and /state to select the
state JSON within runtime-spec.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
W. Trevor King a3126aa342 schema/defs.json: Pull annotations over from config-schema.json
So we can use it in the coming state-schema.json without duplication.
I dropped the "id" because none of the other defs.json entries had an
ID.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
W. Trevor King 28cbd4dd8e schema/defs.json: Pull ociVersion over from config-schema.json
So we can use it in the coming state-schema.json without duplication.
While I'm touching it, I updated the spec title to match the project
README's header.  I also dropped the "id" because none of the other
defs.json entries had an ID.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
W. Trevor King 59ede1a6ac schema: Move schema.json -> config-schema.json and similar
To make it clear that these schemas are for validating config.json
(and not, for example, state JSON).  I've left the IDs alone for now,
because my PR adjusting those was rejected [1].

The rule for the -schema portion is "use it for entrypoint files" [2].

[1]: https://github.com/opencontainers/runtime-spec/pull/453
[2]: https://github.com/opencontainers/runtime-spec/pull/481#issuecomment-223641814

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-08 20:43:06 -07:00
W. Trevor King b10f8bcc49 schema/schema.json: Make 'hostname' optional
The JSON Schema requirement dates back to cdcabdeb (schema: JSON
Schema and validator for `config.json`, 2016-01-19, #313), but the
property has been explicitly optional in the Markdown spec since
7ac41c69 (config.md: reformat into a standard style, 2015-06-30).

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-06 00:03:41 -07:00
Michael Crosby 08c556ff87 Merge pull request #482 from wking/validate-stdin
schema/validate: Support reading documents via stdin
2016-06-03 10:45:31 -07:00
Vincent Batts 831d961964 Merge pull request #397 from cyphar/add-cgroup-namespace
*: add support for cgroup namespace
2016-06-03 13:45:27 -04:00
Aleksa Sarai ce19b8d167 *: add support for cgroup namespace
The cgroup namespace is a new kernel feature available in 4.6+ that
allows a container to isolate its cgroup hierarchy. This currently only
allows for hiding information from /proc/self/cgroup, and mounting
cgroupfs as an unprivileged user. In the future, this namespace may
allow for subtree management by a container.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
2016-06-04 00:14:39 +10:00
W. Trevor King 8ca7174c10 schema/validate: Support reading documents via stdin
Signed-off-by: W. Trevor King <wking@tremily.us>
2016-06-01 16:11:36 -07:00
W. Trevor King c4160b4a9e schema/schema.json: Update main description
The README title is:

    Open Container Runtime Specification

And the config.md title is:

    Container Configuration file

The JSON Schema covering that configuration file should have a
description that combines those two titles without introducing new
language.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-05-26 16:35:32 -07:00
W. Trevor King 16d6e1b823 schema/schema.json: Update path.root description
Use wording from config.md, since the JSON Schema doesn't seem like a
good place to be picking new words.

Signed-off-by: W. Trevor King <wking@tremily.us>
2016-05-25 13:36:31 -07:00
Abhijeeth Nuthan 7c9daebaa7 Introducing Solaris in OCI
Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com>
2016-05-04 12:19:27 -07:00
Mrunal Patel e87d7d2ba9 Fix remnants from SelinuxProcessLabel to SelinuxLabel rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-22 13:51:31 -07:00
Mrunal Patel 7350d5e1f1 Add support for Selinux mount context labels
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-22 13:40:49 -07:00
Qiang Huang aaf05c4dc9 Modify README to keep consistency with Makefile
Use the name `validate` instead of `schema` for the
utility.

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-14 12:33:17 +08:00
Qiang Huang 38b7860096 Fix example in schema README
We should only download dependencies without installing,
otherwise we'll probably get an error:
go install: no install location for directory /home/qhuang/specs/schema outside GOPATH
        For more details see: go help gopath

Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
2016-04-14 10:39:12 +08:00
Vincent Batts 9da17282d9 schema: add a README
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-04-13 13:44:34 -04:00
Vincent Batts d118a8ff53 schema: updates and fixes
Several fields needed the correct typing, and updates for recent changes.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-04-07 10:13:39 -04:00
Michael Crosby adcbe530a9 Add masked and readonly paths
Fixes #320

This adds the maskedPaths and readonlyPaths fields to the spec so that
proper masking and setting of files in /proc can be configured.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-04-01 10:46:41 -07:00
Vincent Batts cdcabdeb6b schema: JSON Schema and validator for `config.json`
Conforming to https://tools.ietf.org/html/draft-zyp-json-schema-03
and http://json-schema.org/latest/json-schema-core.html

* Utilizes a number of JSON schema features, including 'pattern'
* Defined primitives, like integers, that we'll use
* Split out definitions for primitives and platform-specific
* Provide a Makefile for:
 - "fmt" target for *.json
 - "validate" target for building the validation tool

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-03-09 19:32:52 +00:00