24df2538db
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
OpenContainers Specifications

Changes with v1.0.0-rc4:
Additions:

* config-linux: Allow negative values for some resources (#648)
* config-linux: Lift no-tweaking namespace restriction (#649)

Removals and increased restrictions:

* config: Rlimit types must be unique (#607)
* config: Forbid empty-string keys in 'annotations' (#645, #654)
* config-linux: Require runtime errors for pre-existing devices
  (#647)
* runtime: Only require 'pid' in the state for created/running
  statuses (#664)
* schema: Add 'consoleSize' and update requirements (#646)
* schema: Remove string pointers (#656)
* schema/config-linux: Remove blockIODeviceThrottle and other
  pointers (#545)

Breaking Go changes:

* specs-go/config: Remove string pointers (#653)
* specs-go/config: Make Spec.Hooks a pointer (#427)
* specs-go/config: Convert some resources from unsigned integers
  to signed integers (#648)

Minor fixes and documentation:

* config: Explicitly list 'hooks' as optional and cite POSIX for
  'env' and 'args' (#427)
* runtime: Replace "process is stopped" with "process exits"
  (#465)
* schema/config-linux: Add missing kernelTCP (#655)
* schema/validate: Allow schema identifiers to contain a URL
  scheme (#490)
* .travis: Fix git-validation commit ranges (#216)
* *: Add anchor tags to a number of spec locations (#612, #636,
  #637, #638, #639, #640)
* *: Typo fixes and polishing (#643, #650, #652, #656, #660, #665)

Changes with v1.0.0-rc3:
Additions:

* config: Add support for Windows-based containers (#565, #573)
* config: Add process.consoleSize (#563)
* config: Explicitly allow unknown extensions and document
  annotations key conventions (#510)
* config: Define mounts entries for Solaris (#588)

Removals and increased restrictions:

* config: Require absolute paths for mount destinations (#609)
* config-linux: Require absolute path for maskedPaths and
  readonlyPaths (#587)
* config-linux: Only require /dev/console when process.terminal is
  true. Also require /dev/console to be provided by a bind mount
  (#518)
* runtime: Require runtimes to generate errors when the container
  specified in config.json cannot be created (#559)

Breaking Go changes:

* specs-go/config: Aggressive namespacing (#567)
* specs-go/config: Remove pointers from LinuxHugepageLimit,
  LinuxInterfacePriority, and LinuxPids properties (#586)
* specs-go/state: Rename version to ociVersion (#633)

Minor fixes and documentation:

* spec: Separate the spec from project scaffolding (#626)
* README: Define "unspecified", "undefined", and
  "implementation-defined" (#575)
* config: Clarify absolute and relative values for root.path (#558)
* config: Clarify ociVersion covering the configuration <->
  runtime API (#523)
* config-linux: Forbid duplicated namespaces with same `type`
  (#597)
* glossary: Make objects explicitly unordered and forbid duplicate
  names (#584)
* specs-go/config: Add platform tags to Rlimits and
  NoNewPrivileges (#564)
* schema/defs-linux: Use int64 for major/minor types (#610)
* Makefile: Add support for Go 1.7 (#547)
* Makefile: Require Go >= 1.6 for golint (#589)
* Makefile: Use a POSIX-compatible test ('==' -> '=') (#542)
* implementations: Rename ocitools -> runtime-tools (#585)
* *: Typo fixes and polishing (#556, #566, #568, #569, #571, #572,
  #574, #595, #596, #599, #600, #601, #603, #605, #608, #613, #617,
  #619, #621, #622, #623, #624, #625, #627, #629)

Changes with v1.0.0-rc2:
Additions:

* config-linux: Add new architectures from libseccomp 2.3.0 (#505)
* schema: Add JSON Schema for state JSON and move schema.json to
  config-schema.json and similar (#481, #498, #519)

Minor fixes and documentation:

* Add compliance language for platforms and architectures (#527)
* Remove "unconditionally compliant" language (#553)
* bundle: Remove distribution references (#487)
* runtime: Fix sub-bullet indentation (#495)
* config: Replace Arch fstab reference with mount(8) (#443)
* config: Synchronize comments between Markdown and Go (#525)
* config: Drop v0.x compatibility statement (#488)
* config-linux: RFC 2119 wording for cgroupsPath (#493)
* config-linux: Make linux.devices and linux.resources.devices
  optional (#526)
* config-linux: Extend no-tweak requirement to runtime namespaces (#538)
* schema: Add hook.timeout (#544)
* schema: Add missing '"type": "object"' (#528)
* schema: Run 'make fmt' and remove duplicates (#546, #551)
* schema/config: Make 'hostname' optional (#491)
* schema/config-linux: Add linux.resources.devices (#550)
* specs-go/config: Add Solaris tags to User properties (#496)
* specs-go/config: Make Linux and Solaris omitempty again (#502)
* specs-go/config: Make KernelTCP and ClassID omitempty (#531)
* specs-go/config: Fix "specified" typo for ApparmorProfile (#503)
* Makefile: Remove code-of-conduct.md and version.md when clean (#541)
* implementations: Mention cc-oci-runtime (#539)
* Use filesystem instead of file system (#529)
* .pullapprove: Add DCO check via PullApprove
* GOVERNANCE: Add governance and release process docs (#521)
* README: Change meeting time from 10am to 2pm Pacific (#524)
* README: Update conference-call phone number (#512, #515)

Changes with v1.0.0-rc1:
Breaking changes:

* runtime: Split create and start, #384, #450, #463, #464, #467,
  #468
* runtime: Remove exec, #388
* runtime: Environment MUST match the configuration, #397
* config: Runtime MUST generate errors for unsupported platforms,
  #441
* config: Windows mount destinations MUST NOT be nested, #437

Additions:

* solaris: Added platform-specific configuration, #411, #424, #431,
  #436
* runtime: Add 'annotations' and 'status' to the state structure,
  #462, #484, #485
* runtime: State no longer needs to be serialized as JSON, #446
* runtime-linux: Add /dev symbolic links, #449
* config: Allow absolute paths for root.path (which previously
  required relative paths), #394
* config-linux: Add linux.mountLabel, #393
* config-linux: Add support for cgroup namespace, #397
* config-linux: Runtime SHOULD NOT modify ownership of any
  referenced filesystem (previously the restriction only applied to
  the root filesystem), #452
* specs-go/seccomp: Add ppc and s390x to specs-go/config.go, #475

Minor fixes and documentation:

* README: Add project.md to the Table of Contents, #376
* README: Consistently indent the Table of Contents, #400
* README: Link to LICENSE, #442
* README: Weekly call is OCI-wide, #378
* config: Explicit runtime namespace for hooks, #415
* config: Explicit container namespace for uid, gid, and
  additionalGids, #412
* config: Fix 'string' -> 'array of strings' typo for process.args,
  #416
* runtime: The runtime MAY validate config.json, #418
* runtime: Move errors section out of operations, #445
* runtime: MAY -> SHOULD for post-stop error logging, #410
* schema/README: Document JSON Schema usage, #360, #385
* schema: Minor description updates, #456, #461
* schema/validate: Support reading documents via stdin, #482
* .pullapprove: Automate review approval, #458, #474
* .gitignore: Hide more auto-generated files, #386, #392
* .travis: git-validation detects Travis now, #366
* .travis: Regress on failure to produce docs, #479
* Makefile: Filename docs.* -> oci-runtime-spec.*, #478
* Makefile: Add install.tools target, #349
* Makefile: Allow native pandoc implementations, #428, #448
* Makefile: Prefer Bash, #455
* Makefile: Travis support for .gitvalidation, #422
* specs-go/config: Add missing omitempties for Process.Terminal,
  Root.Readonly, Spec.Linux, and Spec.Mounts, #408, #429, #430, #431
* specs-go/config: Remove incorrect omitempties for User.UID and
  User.GID, #425
* specs-go/config: Drop platform-independent comment, #451
* version: Include version in generated documentation, #406
* *: Anchor examples, #348
* *: Fix remnants from SelinuxProcessLabel to SelinuxLabel rename,
  #396
* *: Outsource code-of-conduct to TOB repository, #375, #413
* *: RFC 2119 consistency, #407, #409, #438, #444, #449
* *: Typo fixes, #390, #401
* *: Whitespace fixes and validation, #380, #381, #426
* ROADMAP: Remove stale targets, #435

Changes with v0.5.0:
Breaking changes:

* specs-go: Renamed the repository from opencontainers/specs to
  opencontainers/runtime-spec, #365

Additions:

* config: Add 'timeout' for hooks, #346
* config-linux: Add 'maskedPaths' and 'readonlyPaths', #364

Minor fixes and documentation:

* JSON Schema bug-fixes and improved examples, #370
* README: Define "unconditionally compliant", #374
* config: Make Markdown canonical, #342
* config: Explicitly list mapping from symbolic names to UID/GIDs as
  out-of-scope, #347
* config-linux: Require the runtime mount namespace for namespace
  'path' values, #275
* config-linux: Reword kernelTCP docs, #377
* specs-go: Add omitempty to 'Device' and 'Namespace', #340
* .travis.yml: Use built-in 'go vet' and current 'go lint', dropping
  Go < 1.5, #372, #352
* implementations: Expand ocitools scope to include testing, #328
* style: Move one-sentence-per-line rule from the README, #369
* style: Remove dangling parenthesis, #359
* README: Add a link to the IRC logs, #358
* Fix "manadate", "exmaple", "paramters", and "preferrably" typos,
  #353, #354

Changes with v0.4.0:
Breaking changes:

* config: Move capabilities, selinuxProcessLabel, apparmorProfile,
  and noNewPrivileges from the linux setting to the process setting
  and make them optional, renaming selinuxProcessLabel to
  selinuxLabel, #329, #330, #339
* runtime: Rename version to ociVersion in the state JSON, #225
* runtime: Remove the directory requirement for storing state, now
  that there is a 'state' operation, #225, #334
* go: Shift *.go to specs-go/*.go, #276
* config: Move rlimits to process, #341
* go: Move config_linux.go content into config.go, removing
  LinuxSpec, #310

Additions:

* schema: Add JSON Schema (and validator) for `config.json`, #313
* config: Add annotations for opaque-to-the-runtime data, #331
* config-linux: Make seccomp optional, #333
* runtime: Added additional operations: state, stop, and exec.
  #225

Minor fixes and documentation:

* config-linux: Change mount type from *rune to *string and fix
  octal fileMode examples, #323
* runtime: RFC 2119 phrasing for the lifecycle, #225
* README: Add a full example of config.json, #276
* README: Replace BlueJeans with UberConference, #326, #338
* style: Document Go-pointer exceptions, #317

Changes with v0.3.0:
Breaking changes:

* config: Single, unified config file, #284
* config: cwd is a required default, and must be absolute, #286,
  #307, #308, #312
* config: qualify the name of the version field, #309
* config-linux: Convert classID from hex to uint32, #296
* config-linux: Separate mknod from cgroups, #298

Additions:

* config-linux: Add NoNewPrivileges setting for linux, #290

Minor fixes and documentation:

* config-linux: clarify oom_score_adj, #236, #292
* config-linux: Update links to cgroups documentation, #318
* config-linux: Remove pointers for slices preferring omitempty
  tag instead, #316
* README: add runtime, bundle, and hook author user, #280
* ROADMAP: reshuffled and split into GitHub issues, #300, #301,
  #304, #306
* style: Collect established styles in a discoverable location, #287, #311

Changes with v0.2.0:
* Add Apparmor, Selinux and Seccomp
* Add Apparmor, Selinux and Seccomp sections
* Add bind mount example
* Add fd section for linux container process
* Add Go types for specification
* *: adding a code of conduct
* Adding cgroups path to the Spec.
* .: Adding listing of implementations
* .: adding travis file for future CI
* Add license and DCO information for contributions
* Add linux spec description
* Add MAINTAINERS file
* Add memory swappiness to linux spec
* Add runtime state configuration and structs
* Adds a section for user namespace mappings
* Adds link to kernel cgroups documentation
* Adds section for Linux Rlimits
* Adds section for Linux Sysctl.
* Adds user namespace to the list of namespaces
* bundle: add initial run use case
* bundle: Fix 'and any number of and other related' typo
* bundle.md: clarify arbitrary/conventional dirnames
* bundle.md: fix link formatting
* bundle.md: fix off-by-one error
* bundle.md: various updates to latest spec
* bundle: Move 'Linux sysctl' header to its own line
* Change commiter to committer
* Change Device field order in spec_linux.go, 'Path' should be top of the 'Type' field, according to the different of the config-linux.md, 'Path' field is the unique key.
* Change layout of mountpoints and mounts
* Change the rlimit type to string instead of int
* Clarify behavior around namespaces paths.
* config: Add example additionalGids
* config: Add example cwd
* config: cleanup language on readonly parameter
* config: fix links to go files
* config-linux: specify the default devices/filesystems available
* config.md: clarify destination for mounts
* config.md: make the version a semver
* config.md: make the version field example a semver
* config.md: minor clean up of process specification
* config.md: reformat into a standard style
* config.md: update links to spec schema code
* config.md: various cleanup/consistency fixes
* config: minor cleanup
* Deduplicate the field of RootfsPropagation
* Define constants for Linux Namespace names
* Fix LinuxRuntime field
* Fix root object keys
* Fix typos in config.md
* Fix typos in the "Namespace types" section
* Fix typos in the rlimits section
* Fix Windows path escaping in example mount JSON
* JSON objects are easier to parse/manipulate
* made repo public. Added warning in README
* Make namespaces match runc
* make rootfs mount propagation mode settable
* Makes namespaces description linux specific
* *.md: markdown formatting
* Modify the capabilities constants to match header files like other constants
* Move linux specific options to linux spec
* README: add a rule for paragraph formatting in markdown
* README: Document BlueJeans and wiki archive for meetings
* README: Document pre-meeting agenda alteration
* README: Document YouTube and IRC backchannel for meetings
* README: Focus on local runtime (create/start/stop)
* README.md: Add a git commit style guide
* README.md: contribution about discussion
* README: releases section
* README: Remove blank line from infrastructure-agnostic paragraph
* removed boilerplate file
* *: remove superfluous comma in code-of-conduct
* Remove trailing whitespace
* Rename SystemProperties to Sysctl
* Rename the header "Access to devices" to "Devices" to fit with the config
* *: re-org the spec
* Replace Linux.Device with more specific config
* restore formatting
* Return golang compliant names for UID and GID in User
* Return golint-compliant naming for mappings
* runtime: Add prestart/poststop hooks
* runtime_config: comments for golint
* runtime-config-linux: Drop 'Linux' from headers
* runtime_config_linux: Fix 'LinuxSpec' -> 'LinuxRuntimeSpec' in comment
* runtime-config-linux: One sentence per line for opening two paragraphs
* runtime-config: Remove blank lines from the end of files
* runtime-config: Remove 'destination' docs from mounts
* runtime.md: convert oc to runc
* runtime: use opencontainer vs oci
* *: small spelling fixes
* Specific platform specific user struct for spec
* spec: linux: add support for the PIDs cgroup
* spec_linux: conform to `golint`
* spec_linux.go: Rename IDMapping fields to follow syscall.SysProcIDMap
* spec_linux: remove ending periods on one-line comments
* spec: rename ocp to oci and add a link
* specs: add json notation
* specs: align the ascii graph
* specs: fix the description for the [ug]idMappings
* specs: introduce the concept of a runtime.json
* .tools: cleanup the commit entry
* .tools: repo validation tool
* travis: fix DCO validation for merges
* typo: containers -> container's
* typo: the -> for
* Update config-linux for better formatting on values
* Update README.md
* Update readme with weekly call and mailing list
* Update runtime.md
* Update runtime.md
* Update runtime.md
* version: more explicit version for comparison

Changes with v0.1.0:
* Add Architecture field to Seccomp configuration in Linux runtime
* Add @hqhq as maintainer
* Add hyphen for host specific
* Adding Vishnu Kannan as a Maintainer.
* Add initial roadmap
* Add lifecycle for containers
* Add oom_score_adj to the runtime Spec.
* Add post-start hooks
* Add Seccomp constants to description of Linux runtime spec
* Add Seccomp constants to Linux runtime config
* Add some clarity around the state.json file
* adds text describing the upper-case keywords used in the spec
* add testing framework to ROADMAP
* Appropriately mark optional fields as omitempty
* cgroup: Add support for memory.kmem.tcp.limit_in_bytes
* Change HugepageLimit.Limit type to uint64
* Change the behavior when cgroupsPath is absent
* Change version from 0.1.0 to 0.2.0
* Clarify the semantics of hook elements
* Cleanup bundle.md
* Cleanup principles
* config: linux: update description of PidsLimit
* config: Require a new UTS namespace for config.json's hostname
* config: Require the runtime to mount Spec.Mounts in order
* convert **name** to **`name`**
* Example lists "root" but text mentions "bundlePath"
* Fix an extra space in VersionMinor
* Fix golint warnings
* Fix typo in BlockIO struct comment
* Fix typo in Filesystem Bundle
* Fix value of swappiness
* glossary: Provide a quick overview of important terms
* glossary: Specify UTF-8 for all our JSON
* hooks: deduplicate the hooks docs
* implementations: Link to kunalkushwaha/octool
* implementations: Link to mrunalp/ocitools
* lifecycle: Don't require /run/opencontainer/<runtime>/containers
* lifecycle: Mention runtime.json
* lifecycle: no hyphens
* MAINTAINERS: add tianon per the charter
* MAINTAINERS: correct Vish's github account
* Makefile: Add glossary to DOC_FILES
* Make optional Cgroup related config params pointers along with `omitempty` json tag.
* Mark RootfsPropagation as omitempty
* *.md: update TOC and links
* move the description of Rlimits before example
* move the description of user ns mapping to proper file
* principles: Give principles their own home
* *: printable documents
* Project: document release process
* README: Fix some headers
* README: make header more concise
* remove blank char from blank line
* Remove the unneeded build tag from the config_linux.go
* Remove trailing comma in hooks json example
* Rename State's Root to Bundle
* ROADMAP.md: remove the tail spaces
* roadmap: update links and add wiki reference
* runtime: Add 'version' to the state.json example
* runtime-config: add example label before json example
* runtime-config: add section about Hooks
* runtime: config: linux: add cgroups information
* runtime: config: linux: Edit BlockIO struct
* runtime: config: linux: Fix typo and trailing commas in json example
* runtime_config_linux.go: add missing pointer
* runtime-config-linux.md: fix the type of cpus and mems
* runtime.md: fix spacing
* Talk about host specific/independent instead of mutability
* .tools: commit validator is a separate project
* .tools: make GetFetchHeadCommit do what it says
* .travis.yml: add go 1.5.1, update from 1.4.2 to 1.4.3
* Update readme with wiki link to minutes
* Update Typo in ROADMAP.md
* Use unsigned for IDs
* version: introduce a string for dev indication