The proposed "netdevices" field provides a declarative way to
specify which host network devices should be moved into a container's
network namespace.
This approach is similar to the existing "devices" field used for block
devices, but uses a dictionary keyed by the interface name instead.
The proposed scheme is based on the existing representation of a network
device by `struct net_device`:
https://docs.kernel.org/networking/netdevices.html.
This proposal focuses solely on moving existing network devices into
the container namespace. It does not cover the complexities of
network configuration or network interface creation, emphasizing the
separation of device management and network configuration.
Signed-off-by: Antonio Ojea <aojea@google.com>

High level container runtimes sometimes need to know if the OCI runtime
supports idmap mounts or not, as the OCI runtime silently ignores
unknown fields.
This means that if it doesn't support idmap mounts, a container with
userns will be started, without idmap mounts, and the files created on
the volumes will have a "garbage" owner/group. Furthermore, as the
userns mapping is not guaranteed to be stable over time, it will be
completely unusable.
Let's expose idmap support in the features subcommand, so high level
container runtimes use the feature safely.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>

Add `features.md` and `features-linux.md`, to formalize the `runc features` JSON that was introduced in runc v1.1.0.
A runtime caller MAY use this JSON to detect the features implemented by the runtime.
The spec corresponds to https://github.com/opencontainers/runc/blob/v1.1.0/types/features/features.go
(opencontainers/runc PR 3296, opencontainers/runc PR 3310)
Differences since runc v1.1.0:
- Add `.linux.intelRdt.enabled` field
- Add `.linux.cgroup.rdma` field
- Add `.linux.seccomp.knownFlags` and `.linux.seccomp.supportedFlags` fields (Implemented in runc PR 3588)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
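A caller-side check of the `runc features` JSON that the idmap and `features.md` commit messages above motivate, added here as an example; it is not code from runtime-spec or runc. It assumes idmap support is advertised at `.linux.mountExtensions.idmap.enabled`, reads the `.linux.seccomp.supportedFlags` field named above, and uses a constructed sample JSON; the point is that an absent field must be treated as unsupported, because an older runtime never reports what it does not know.

```go
package main

import "encoding/json"

// Subset of the `runc features` JSON needed below; pointer fields distinguish
// "absent" (older runtime) from "false". mountExtensions.idmap is assumed here.
type Features struct {
	Linux *struct {
		Seccomp *struct {
			KnownFlags     []string `json:"knownFlags"`
			SupportedFlags []string `json:"supportedFlags"`
		} `json:"seccomp"`
		MountExtensions *struct {
			Idmap *struct {
				Enabled *bool `json:"enabled"`
			} `json:"idmap"`
		} `json:"mountExtensions"`
	} `json:"linux"`
}

func ParseFeatures(data []byte) (*Features, error) {
	var f Features
	if err := json.Unmarshal(data, &f); err != nil {
		return nil, err
	}
	return &f, nil
}

// IdmapSupported is true only when idmap is explicitly advertised; a missing
// field means the runtime would silently start the container without it.
func IdmapSupported(f *Features) bool {
	l := f.Linux
	return l != nil && l.MountExtensions != nil && l.MountExtensions.Idmap != nil &&
		l.MountExtensions.Idmap.Enabled != nil && *l.MountExtensions.Idmap.Enabled
}

// SeccompFlagSupported consults supportedFlags, not knownFlags: a flag the
// runtime knows about may still be unsupported by the host kernel.
func SeccompFlagSupported(f *Features, flag string) bool {
	if f.Linux != nil && f.Linux.Seccomp != nil {
		for _, s := range f.Linux.Seccomp.SupportedFlags {
			if s == flag {
				return true
			}
		}
	}
	return false
}

// Constructed sample output, not captured from a real runc binary.
const SampleFeatures = `{"ociVersionMin":"1.0.0","ociVersionMax":"1.1.0","linux":{"seccomp":{"enabled":true,"knownFlags":["SECCOMP_FILTER_FLAG_TSYNC","SECCOMP_FILTER_FLAG_LOG"],"supportedFlags":["SECCOMP_FILTER_FLAG_TSYNC"]},"mountExtensions":{"idmap":{"enabled":true}}}}`
```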