Commit
Apply suggestions from code review
Co-authored-by: Aleksa Sarai <[email protected]>
Signed-off-by: Akihiro Suda <[email protected]>
AkihiroSuda and cyphar authored Jul 19, 2023
1 parent 3212194 commit f24cf4f
Showing 1 changed file with 8 additions and 9 deletions.
17 changes: 8 additions & 9 deletions content/posts/blog/2023-07-20-oci-runtime-spec-v1-1.md
Expand Up @@ -18,23 +18,22 @@ The spec is also implemented by [crun](https://github.com/containers/crun), [you
[Kata Containers](https://katacontainers.io/), and others.
These low-level container runtimes are usually called from high-level container runtimes such as [containerd](https://containerd.io/) and [CRI-O](https://cri-o.io/).

# "Breaking" change
# "Breaking" Changes
## [config: change prestart hook spec to match reality (#1169)](https://github.com/opencontainers/runtime-spec/pull/1169)

In the OCI Runtime Spec v1.0, `prestart` hooks were required to be called during the `start` operation.
This was contrary to the actual implementation of runc, which calls `prestart` hooks as a part of the `create` operation.
The spec was partially revised to fix this several years ago [with the addition of new lifecycle hooks and the deprecation of the `prestart` hook](https://github.com/opencontainers/runtime-spec/pull/1008) but the text was confusing and didn't full explain the correct recommendations for implementations.

The spec is now revised to conform to the actual implementation of runc.
Technically, this is a "breaking" change of the spec, but this does not break the existing implementations of runc and runc-compatible runtimes.
So, we are not bumping up the spec version to v2.0 this time.
The spec has now been revised to completely resolve this issue and make the (deprecated) `prestart` hook have the same behaviour as the actual runc implementation.
Technically, this is a "breaking" change of the spec, but given that existing runtimes have already implemented this behaviour (even before the runtime-spec 1.0.0 release), and the specification already included text dealing with this issue we do not feel this warrants a major version bump.

# Deprecations
## [config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)](https://github.com/opencontainers/runtime-spec/pull/1093)

The `memory.kernel[TCP]` config is now deprecated from the spec, as [Linux kernel v5.4](https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0)
has deprecated the support for setting kernel memory limits.
The `memory.kernel` and `memory.kernelTCP` resource configurations are now marked as deprecated, as the upstream Linux kernel [has deprecated the support for setting kernel memory limits since 5.4](https://github.com/torvalds/linux/commit/0158115f702b0ba208ab0).

runc has been already ignoring the `memory.kernel[TCP]` configuration since [runc v1.0.0-rc94](https://github.com/opencontainers/runc/commit/2d38476c96e3407eba876e77b301880c6d7e5ccc).
Note that runc has ignored these configuration settings since [runc v1.0.0-rc94](https://github.com/opencontainers/runc/commit/2d38476c96e3407eba876e77b301880c6d7e5ccc).

# Additions
## [cgroup: add cgroup v2 support (#1040)](https://github.com/opencontainers/runtime-spec/pull/1040)
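Review bot: the new sentence on the "Breaking" change is missing a comma before its main clause; suggest "and the specification already included text dealing with this issue, we do not feel this warrants a major version bump." While this paragraph is being reworked, the unchanged context line just above it still reads "didn't full explain", which should be "didn't fully explain". The heading was also changed to the plural '"Breaking" Changes' although only a single change is listed beneath it; keep the singular unless further entries are expected there.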
Expand All @@ -46,7 +45,7 @@ This has been already implemented in runc since [runc v1.0.0-rc93](https://githu

## [seccomp: support RISC-V 64 (#1059)](https://github.com/opencontainers/runtime-spec/pull/1059)

The spec now supports RISC-V (riscv64) platform.
The spec now supports the RISC-V (riscv64) architecture.

runc supports RISC-V since runc [v1.1.8](https://github.com/opencontainers/runc/commit/1cdfa95f39bc5e3ea46a498382b5376c983eed80).

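Review bot: the unchanged context line "runc supports RISC-V since runc [v1.1.8]" reads awkwardly in the simple present and repeats "runc"; suggest "runc has supported RISC-V since [v1.1.8]" to match the "has been already implemented in runc since" phrasing used by the other entries. The reworded spec line ("the RISC-V (riscv64) architecture") is fine.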
Expand All @@ -62,7 +61,7 @@ The support for `seccomp_unotify` has been already implemented in runc since [ru
## [config: add IDMapping field for mount point (#1143)](https://github.com/opencontainers/runtime-spec/pull/1143)

The spec now supports ID-mapped mounts using [`MOUNT_ATTR_IDMAP`](https://man7.org/linux/man-pages/man2/mount_setattr.2.html) (since Linux kernel v5.12).
This eliminates the overhead of `chown` that was an obstacle to adopt user namespaces.
This eliminates the overhead of `chown` that was an obstacle to adopt user namespaces, though it should be noted that the `rootfs` cannot have idmapped mounts configured so higher-level runtimes will need to implement rootfs idmapping (which is fairly trivial).

This was recently implemented in the [`main`](https://github.com/opencontainers/runc/commit/f73b05dee6d017865d6d8929b0ec65d29ce4f3d2) branch of runc.
Will be included in runc v1.2.0.
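Review bot: the added parenthetical "(which is fairly trivial)" in the ID-mapped mounts paragraph is an unsupported judgement for a spec announcement; suggest dropping it or stating concretely what the higher-level runtime must do, since the sentence already tells the reader that `rootfs` cannot carry an idmapped mount and so the runtime has to map the rootfs itself before handing it to runc. The sentence is also a run-on ("though it should be noted ... so higher-level runtimes ..."); split it after "user namespaces." The trailing context line "Will be included in runc v1.2.0." has no subject; "It will be included in runc v1.2.0."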
