Codebase list golang-github-opencontainers-specs / run/8f0eac3e-f1ec-4448-a6bf-6016beb26ee0/upstream
Import upstream version 1.1.0.rc.1.4.g7301c34 Debian Janitor 1 year, 3 months ago
9 changed file(s) with 186 addition(s) and 45 deletion(s).
00 OpenContainers Specifications
1
2 Changes with v1.1.0-rc.1:
3
4 Breaking changes (but rather conforms to the existing runc implementation):
5
6 * config: change prestart hook spec to match reality (#1169)
7
8 Deprecations:
9
10 * config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)
11
12 Additions:
13
14 * cgroup: add cgroup v2 support (#1040)
15 * seccomp: allow to override errno return code (#1041)
16 * seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
17 * Update seccomp architectures to support RISCV64 (#1059)
18 * Add support for SCMP_ACT_KILL_THREAD (#1064)
19 * Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
20 * config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
21 * seccomp: allow to override default errno return code (#1087)
22 * Introduce zos as platform (#1095)
23 * config-linux: add idle option for container cgroup (#1136)
24 * config-linux: add CFS bandwidth burst (#1120)
25 * IDMapping field for mount point (#1143)
26 * schema: add cpu idle (#1145)
27 * add domainname spec entity (#1156)
28 * config-linux: add memory.checkBeforeUpdate (#1158)
29 * seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
30
31 Minor fixes and documentation:
32
33 * seccomp: fix go-specs for errnoRet (#1042)
34 * MAINTAINERS: Add @cyphar as maintainer (#1043)
35 * Define State for container and runtime namespace (#1045)
36 * Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
37 * Remove superfluous 'an' (#1049)
38 * Add State status constants to spec-go (#1046)
39 * config.go: make umask a pointer (#1058)
40 * Update State structure to use the new ContainerState type (#1056)
41 * docs: Added enclave OCI runtime rune to implementations (#1055)
42 * Change all references from whitelist to allowlist (#1054)
43 * Fix int64 and uint64 type value ranges (#1060)
44 * MAINTAINERS: update vbatts email (#1065)
45 * travis: fix go_import_path (#1072)
46 * Makefile: Fix golint URL used in go get (#1075)
47 * config-linux: fix personality link (#1086)
48 * README: Fix broken link for charter (#1091)
49 * Fix seccomp notify inconsistencies (#1096)
50 * runtime should WARN / ignore capabilities that cannot be granted (#1094)
51 * config-linux: clarify the handling of ClosID RDT parameter (#1104)
52 * defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
53 * fix the lifecycle reference in the states listing (#1118)
54 * add youki to implementations.md (#1126)
55 * Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
56 * specify cgroup ownership semantics (#1123)
57 * config-linux: MAY reject an unfit cgroup (#1125)
58 * cgroup ownership: clarify that some files may not exist (#1137)
59 * typo: seccompFD -> seccompFd (#1133)
60 * schema: update README.md (#1083)
61 * schema: make with golang 1.16 (#1084)
62 * Update Windows CPU comments (#1144)
63 * specs-go: export LinuxBlockIODevice (#1103)
64 * config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
65 * fix RFC link (#1153)
66 * Add available LinuxSeccompFlags (#1138)
67 * maintainer updates as per (#1101 (#1150)
68 * GOVERNANCE: correct the Charter URL (#1157)
69 * CODEOWNERS: sync with MAINTAINERS (#1160)
170
271 Changes with v1.0.2:
372
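Review bot: the entry `* maintainer updates as per (#1101 (#1150)` has an unbalanced parenthesis, so it is unclear whether #1101 is the referenced issue and #1150 the pull request; closing it as `(#1101) (#1150)` would match the other entries. The heading `Breaking changes (but rather conforms to the existing runc implementation):` would also read more clearly as a full sentence under the heading, since it is the only note telling consumers that the prestart hook change in #1169 alters the written contract rather than runtime behaviour.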
3333 * **`uts`** the container will be able to have its own hostname and domain name.
3434 * **`user`** the container will be able to remap user and group IDs from the host to local users and groups within the container.
3535 * **`cgroup`** the container will have an isolated view of the cgroup hierarchy.
36 * **`time`** the container will be able to have its own clocks.
3637 * **`path`** *(string, OPTIONAL)* - namespace file.
3738 This value MUST be an absolute path in the [runtime mount namespace](glossary.md#runtime-namespace).
3839 The runtime MUST place the container process in the namespace associated with that `path`.
6970 },
7071 {
7172 "type": "cgroup"
73 },
74 {
75 "type": "time"
7276 }
7377 ]
7478 ```
105109 }
106110 ]
107111 ```
112
113 ## <a name="configLinuxTimeOffset" />Offset for Time Namespace
114
115 **`timeOffsets`** (object, OPTIONAL) sets the offset for Time Namespace. For more information
116 see the [time_namespaces](time_namespaces.7).
117
118 The name of the clock is the entry key.
119 Entry values are objects with the following properties:
120
121 * **`secs`** *(int64, OPTIONAL)* - is the offset of clock (in seconds) in the container.
122 * **`nanosecs`** *(uint32, OPTIONAL)* - is the offset of clock (in nanoseconds) in the container.
108123
109124 ## <a name="configLinuxDevices" />Devices
110125
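Review bot: the link in the added `timeOffsets` paragraph, `[time_namespaces](time_namespaces.7)`, is an inline link whose target is the relative path `time_namespaces.7`, so it will not resolve through the `[time_namespaces.7]:` definition this change adds to the link list at the end of the file; a reference-style link such as `[time_namespaces(7)][time_namespaces.7]` would. The section also leaves open which clock names are accepted as entry keys and what a runtime does when `timeOffsets` is set but no `time` namespace is requested, or when the namespace is joined through `path`; a MUST or MAY sentence for each case would make the behaviour testable.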
938953 [zero.4]: http://man7.org/linux/man-pages/man4/zero.4.html
939954 [user-namespaces]: http://man7.org/linux/man-pages/man7/user_namespaces.7.html
940955 [intel-rdt-cat-kernel-interface]: https://www.kernel.org/doc/Documentation/x86/intel_rdt_ui.txt
956 [time_namespaces.7]: https://man7.org/linux/man-pages/man7/time_namespaces.7.html
927927 }
928928 ]
929929 },
930 "timeOffsets": {
931 "monotonic": {
932 "secs": 172800,
933 "nanosecs": 0
934 },
935 "boottime": {
936 "secs": 604800,
937 "nanosecs": 0
938 }
939 },
930940 "namespaces": [
931941 {
932942 "type": "pid"
948958 },
949959 {
950960 "type": "cgroup"
961 },
962 {
963 "type": "time"
951964 }
952965 ],
953966 "maskedPaths": [
0 BEGIN:VCALENDAR
1 VERSION:2.0
2 PRODID:-//Open Containers Initiative//Developer Meeting//EN
3 BEGIN:VTIMEZONE
4 TZID:America/Los_Angeles
5 LAST-MODIFIED:20050809T050000Z
6 BEGIN:STANDARD
7 DTSTART:20071104T020000
8 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
9 TZOFFSETFROM:-0700
10 TZOFFSETTO:-0800
11 TZNAME:PST
12 END:STANDARD
13 BEGIN:DAYLIGHT
14 DTSTART:20070311T020000
15 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
16 TZOFFSETFROM:-0800
17 TZOFFSETTO:-0700
18 TZNAME:PDT
19 END:DAYLIGHT
20 END:VTIMEZONE
21 BEGIN:VEVENT
22 UID:tdc-meeting@opencontainers.org
23 DTSTAMP:20180628T170000Z
24 DTSTART;TZID=America/Los_Angeles:20170906T140000
25 RRULE:FREQ=MONTHLY;INTERVAL=1;BYDAY=1WE
26 RDATE;TZID=America/Los_Angeles:20180110T140000
27 EXDATE;TZIP=America/Los_Angeles:20180103T140000
28 RDATE;TZID=America/Los_Angeles:20180711T140000
29 EXDATE;TZIP=America/Los_Angeles:20180704T140000
30 DURATION:PT1H
31 SUMMARY:OCI TDC Meeting
32 DESCRIPTION;ALTREP="https://github.com/opencontainers/runtime-spec#
33 meetings":Open Containers Initiative Developer Meeting\n
34 https://github.com/opencontainers/runtime-spec#meetings\n
35 Web: https://www.uberconference.com/opencontainers\n
36 Audio-only: +1 415 968 0849 (no PIN needed)
37 LOCATION:https://www.uberconference.com/opencontainers
38 URL:https://github.com/opencontainers/runtime-spec/blob/master/meeting.ics
39 END:VEVENT
40 END:VCALENDAR
0 BEGIN:VCALENDAR
1 VERSION:2.0
2 PRODID:-//Open Containers Initiative//Developer Meeting//EN
3 BEGIN:VTIMEZONE
4 TZID:America/Los_Angeles
5 LAST-MODIFIED:20050809T050000Z
6 BEGIN:STANDARD
7 DTSTART:20071104T020000
8 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
9 TZOFFSETFROM:-0700
10 TZOFFSETTO:-0800
11 TZNAME:PST
12 END:STANDARD
13 BEGIN:DAYLIGHT
14 DTSTART:20070311T020000
15 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
16 TZOFFSETFROM:-0800
17 TZOFFSETTO:-0700
18 TZNAME:PDT
19 END:DAYLIGHT
20 END:VTIMEZONE
21 BEGIN:VEVENT
22 UID:tdc-meeting@opencontainers.org
23 DTSTAMP:20180628T170000Z
24 DTSTART;TZID=America/Los_Angeles:20170906T140000
25 RRULE:FREQ=MONTHLY;INTERVAL=1;BYDAY=1WE
26 RDATE;TZID=America/Los_Angeles:20180110T140000
27 EXDATE;TZIP=America/Los_Angeles:20180103T140000
28 RDATE;TZID=America/Los_Angeles:20180711T140000
29 EXDATE;TZIP=America/Los_Angeles:20180704T140000
30 DURATION:PT1H
31 SUMMARY:OCI TDC Meeting
32 DESCRIPTION;ALTREP="https://github.com/opencontainers/runtime-spec#
33 meetings":Open Containers Initiative Developer Meeting\n
34 https://github.com/opencontainers/runtime-spec#meetings\n
35 Web: https://www.uberconference.com/opencontainers\n
36 Audio-only: +1 415 968 0849 (no PIN needed)
37 LOCATION:https://www.uberconference.com/opencontainers
38 URL:https://github.com/opencontainers/runtime-spec/blob/master/meeting.ics
39 END:VEVENT
40 END:VCALENDAR
279279 "personality": {
280280 "type": "object",
281281 "$ref": "defs-linux.json#/definitions/Personality"
282 },
283 "timeOffsets": {
284 "type": "object",
285 "additionalProperties": {
286 "$ref": "defs-linux.json#/definitions/TimeOffsets"
287 }
282288 }
283289 }
284290 }
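Review bot: `additionalProperties` under `timeOffsets` accepts any property name as a clock, so a misspelled clock name validates cleanly and the mistake only surfaces at container start, if at all. If a fixed set of clocks is meant to be configurable (the examples in this change use `monotonic` and `boottime`), listing them under `properties` with `"additionalProperties": false`, or constraining the keys with `propertyNames`, would catch that at validation time.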
294294 "uts",
295295 "ipc",
296296 "user",
297 "cgroup"
297 "cgroup",
298 "time"
298299 ]
299300 },
300301 "NamespaceReference": {
310311 "required": [
311312 "type"
312313 ]
314 },
315 "TimeOffsets": {
316 "type": "object",
317 "properties": {
318 "secs": {
319 "$ref": "defs.json#/definitions/int64"
320 },
321 "nanosecs": {
322 "$ref": "defs.json#/definitions/uint32"
323 }
324 }
313325 }
314326 }
315327 }
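Review bot: `nanosecs` in the new `TimeOffsets` definition is typed as plain `uint32`, which admits values of one second or more (anything from 1000000000 up to the type's maximum); consider adding `"maximum": 999999999` or stating how a runtime is expected to treat larger values. The definition name is also plural although each instance describes a single clock's offset (the Go type in this change is `LinuxTimeOffset`), so `TimeOffset` would be more consistent.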
351351 }
352352 ]
353353 },
354 "timeOffsets": {
355 "monotonic": {
356 "secs": 172800,
357 "nanosecs": 0
358 },
359 "boottime": {
360 "secs": 604800,
361 "nanosecs": 0
362 }
363 },
354364 "namespaces": [
355365 {
356366 "type": "pid"
372382 },
373383 {
374384 "type": "cgroup"
385 },
386 {
387 "type": "time"
375388 }
376389 ],
377390 "maskedPaths": [
190190 IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"`
191191 // Personality contains configuration for the Linux personality syscall
192192 Personality *LinuxPersonality `json:"personality,omitempty"`
193 // TimeOffsets specifies the offset for supporting time namespaces.
194 TimeOffsets map[string]LinuxTimeOffset `json:"timeOffsets,omitempty"`
193195 }
194196
195197 // LinuxNamespace is the configuration for a Linux namespace
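Review bot: the doc comment on the new field, `// TimeOffsets specifies the offset for supporting time namespaces.`, does not say what the `string` map key is. Stating that the key is the clock name, and that the field is only meaningful when a `time` namespace is configured, would let readers of the Go package use it without going back to config-linux.md.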
219221 UserNamespace LinuxNamespaceType = "user"
220222 // CgroupNamespace for isolating cgroup hierarchies
221223 CgroupNamespace LinuxNamespaceType = "cgroup"
224 // TimeNamespace for isolating the clocks
225 TimeNamespace LinuxNamespaceType = "time"
222226 )
223227
224228 // LinuxIDMapping specifies UID/GID mappings
229233 HostID uint32 `json:"hostID"`
230234 // Size is the number of IDs to be mapped
231235 Size uint32 `json:"size"`
236 }
237
238 // LinuxTimeOffset specifies the offset for Time Namespace
239 type LinuxTimeOffset struct {
240 // Secs is the offset of clock (in secs) in the container
241 Secs int64 `json:"secs,omitempty"`
242 // Nanosecs is the additional offset for Secs (in nanosecs)
243 Nanosecs uint32 `json:"nanosecs,omitempty"`
232244 }
233245
234246 // POSIXRlimit type and restrictions
55 // VersionMajor is for an API incompatible changes
66 VersionMajor = 1
77 // VersionMinor is for functionality in a backwards-compatible manner
8 VersionMinor = 0
8 VersionMinor = 1
99 // VersionPatch is for backwards-compatible bug fixes
10 VersionPatch = 2
10 VersionPatch = 0
1111
1212 // VersionDev indicates development branch. Releases will be empty string.
13 VersionDev = "-dev"
13 VersionDev = "-rc.1-dev"
1414 )
1515
1616 // Version is the specification version that the package types support.
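Review bot: `VersionDev = "-rc.1-dev"` makes the version string read 1.1.0-rc.1-dev, and under SemVer precedence the pre-release identifier `1-dev` is alphanumeric, which sorts above any purely numeric identifier, so this string compares higher than a later 1.1.0-rc.2. If consumers order versions by SemVer, a dot-separated suffix such as `-rc.1.dev` keeps the development build between rc.1 and rc.2.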