Merge pull request #171 from gao-feng/update-runtime-config-linux-md
move the description of user ns mapping and default files to proper file
hqhq committed Jan 5, 2016
2 parents 4060e6c + 053f059 commit 4916d73
Showing 2 changed files with 30 additions and 24 deletions.
24 changes: 0 additions & 24 deletions config-linux.md
Expand Up @@ -16,30 +16,6 @@ Valid values are the strings for capabilities defined in [the man page](http://m
]
```

## User namespace mappings

```json
"uidMappings": [
{
"hostID": 1000,
"containerID": 0,
"size": 10
}
],
"gidMappings": [
{
"hostID": 1000,
"containerID": 0,
"size": 10
}
]
```

uid/gid mappings describe the user namespace mappings from the host to the container.
The mappings represent how the bundle `rootfs` expects the user namespace to be setup and the runtime SHOULD NOT modify the permissions on the rootfs to realize the mapping.
*hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped.
There is a limit of 5 mappings which is the Linux kernel hard limit.

## Default Devices and File Systems

The Linux ABI includes both syscalls and several special file paths.
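
Review bot: The commit message says the description of "default files" is moved as well, but in this hunk only the `## User namespace mappings` section (the JSON example and its four description lines) is removed, while `## Default Devices and File Systems` stays in config-linux.md as unchanged context. Either reword the commit message so it covers only the user namespace mappings, or include the default-files move in this change. Because the heading leaves this file, also check the rest of the repository for links that point at this section in config-linux.md and repoint them to runtime-config-linux.md.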
30 changes: 30 additions & 0 deletions runtime-config-linux.md
Expand Up @@ -49,6 +49,32 @@ Also, when a path is specified, a runtime MUST assume that the setup for that pa
]
```

## User namespace mappings

###### Example

```json
"uidMappings": [
{
"hostID": 1000,
"containerID": 0,
"size": 10
}
],
"gidMappings": [
{
"hostID": 1000,
"containerID": 0,
"size": 10
}
]
```

uid/gid mappings describe the user namespace mappings from the host to the container.
The mappings represent how the bundle `rootfs` expects the user namespace to be setup and the runtime SHOULD NOT modify the permissions on the rootfs to realize the mapping.
*hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped.
There is a limit of 5 mappings which is the Linux kernel hard limit.

## Devices

`devices` is an array specifying the list of devices to be created in the container.
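
Review bot: The relocated sentence "There is a limit of 5 mappings which is the Linux kernel hard limit." does not say whether the limit applies to `uidMappings` and `gidMappings` separately or combined, nor what a runtime has to do when a configuration exceeds it; since the text is being moved anyway, state this as a requirement (for example, that the runtime MUST generate an error). The description also never says whether overlapping ranges are rejected, which matters here because the example maps container uid 0 onto host uid 1000 and a wrong `hostID` or `size` would reach host IDs outside the intended 1000-1009 block. Minor: "setup" should be "set up", and the `###### Example` heading comes before the field descriptions, so the section shows an example before `hostID`, `containerID` and `size` are defined.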
Expand Down Expand Up @@ -152,6 +178,8 @@ The Spec does not include naming schema for cgroups.
The Spec does not support [split hierarchy](https://www.kernel.org/doc/Documentation/cgroups/unified-hierarchy.txt).
The cgroups will be created if they don't exist.

###### Example

```json
"cgroupsPath": "/myRuntime/myContainer"
```
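
Review bot: The `###### Example` heading added above the `cgroupsPath` snippet (and again above `oomScoreAdj` in the next hunk) is not covered by the commit message, which only describes moving text between files. Mention the heading additions in the message or split them into their own commit so the move can be reviewed as a pure relocation.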
Expand Down Expand Up @@ -182,6 +210,8 @@ For more information, see [the memory cgroup man page](https://www.kernel.org/do

More information on `oom_score_adj` available [here](https://www.kernel.org/doc/Documentation/filesystems/proc.txt).

###### Example

```json
"oomScoreAdj": 0
```
