diff --git a/features.md b/features.md index f3c8b5b3f..7e9bc81b5 100644 --- a/features.md +++ b/features.md @@ -140,6 +140,24 @@ The current version of the spec do not provide a way to enumerate the possible v } ``` +## Unsafe annotations in `config.json` + +**`unsafeAnnotationsInConfig`** (array of strings, OPTIONAL) contains values of [`annotations` property of `config.json`](config.md#annotations) +that may change the behavior of the runtime. + +A value that ends with "." is interpreted as a prefix of annotations. + +### Example +```json +"unsafeAnnotationsInConfig": [ + "com.example.foo.bar", + "org.systemd.property." +] +``` + +The example above matches `com.example.foo.bar`, `org.systemd.property.ExecStartPre`, etc. +The example does not match `com.example.foo.bar.baz`. + # Example Here is a full example for reference. diff --git a/schema/features-schema.json b/schema/features-schema.json index 30246fa5b..1a9badf35 100644 --- a/schema/features-schema.json +++ b/schema/features-schema.json @@ -17,6 +17,9 @@ }, "annotations": { "$ref": "defs.json#/definitions/annotations" + }, + "unsafeAnnotationsInConfig": { + "$ref": "defs.json#/definitions/ArrayOfStrings" }, "linux": { "$ref": "features-linux.json#/linux" diff --git a/specs-go/features/features.go b/specs-go/features/features.go index 230e88f56..a1fa5b4f8 100644 --- a/specs-go/features/features.go +++ b/specs-go/features/features.go @@ -24,6 +24,12 @@ type Features struct { // Annotations contains implementation-specific annotation strings, // such as the implementation version, and third-party extensions. Annotations map[string]string `json:"annotations,omitempty"` + + // UnsafeAnnotationsInConfig the list of the unsafe annotations + // that may appear in `config.json`. + // + // A value that ends with "." is interpreted as a prefix of annotations. + UnsafeAnnotationsInConfig []string `json:"unsafeAnnotationsInConfig,omitempty"` } // Linux is specific to Linux.