From 900ec22f8bf0e88310969130e303d00dc32401c0 Mon Sep 17 00:00:00 2001 From: Bjorn Neergaard Date: Wed, 2 Nov 2022 22:11:59 -0600 Subject: [PATCH] fixup! config: base GID must be present in the supplementary GIDs array --- config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.md b/config.md index 88be15d1f..ad180dc8c 100644 --- a/config.md +++ b/config.md @@ -232,7 +232,7 @@ For POSIX platforms the `user` structure has the following fields: * **`additionalGids`** (array of ints, OPTIONAL) specifies additional group IDs in the [container namespace](glossary.md#container-namespace) to be added to the list of supplementary group IDs. On a POSIX platform, processes have both a 'base' GID (as specified in the `gid` field), and an array of supplementary group IDs as described in [IEEE Std 1003.1-2008][ieee-1003.1.2008-xbd-c3.378]. -Runtimes MUST ensure that all group IDs listed defined by `gid` and `additionalGids` are present in the array of supplementary group IDs. +Runtimes MUST ensure that all group IDs specified by `gid` and `additionalGids` are present in the array of supplementary group IDs. Runtimes SHOULD preserve the order of `additionalGids`; when the base GID (as specified in the `gid` field) is absent from `additionalGids`, it SHOULD be positioned at the start of the supplementary group ID array. Entities which create a container using a runtime on a POSIX platform SHOULD duplicate the base GID (as specified in the `gid` field) as `additionalGids[0]`; this maximizes compatibility and consistency when using runtimes that target a previous version of this specification.