diff --git a/config-linux.asc b/config-linux.asc index e346db4d3..572e2e47e 100644 --- a/config-linux.asc +++ b/config-linux.asc @@ -77,10 +77,10 @@ Entries have the following properties: `cgroup`::: the container will have an isolated view of the cgroup hierarchy. `path`:: - (string, OPTIONAL) - path to namespace file in the `<>`. + (string, OPTIONAL) - path to namespace file in the <>. If a path is specified, that particular file is used to join that type of namespace. -If a namespace type is not specified in the `namespaces` array, the container MUST inherit the `<>` of that type. +If a namespace type is not specified in the `namespaces` array, the container MUST inherit the <> of that type. If a new namespace is not created (because the namespace type is not listed, or because it is listed with a `path`), runtimes MUST assume that the setup for that namespace has already been done and error out if the config specifies anything else related to that namespace. If a `namespaces` field contains duplicated namespaces with same `type`, the runtime MUST error out. @@ -808,7 +808,7 @@ Masked Paths `maskedPaths`:: (array of strings, OPTIONAL) will mask over the provided paths inside the container so that they cannot be read. - The values MUST be absolute paths in the `<>`. + The values MUST be absolute paths in the <>. [[linux-maskedPaths-example]] .Example @@ -827,7 +827,7 @@ Readonly Paths `readonlyPaths`:: (array of strings, OPTIONAL) will set the provided paths as readonly inside the container. - The values MUST be absolute paths in the `<>`. + The values MUST be absolute paths in the <>. [[linux-readonlyPaths-example]] .Example diff --git a/config.asc b/config.asc index cca2698dd..ad567adeb 100644 --- a/config.asc +++ b/config.asc 
@@ -236,13 +236,13 @@ Linux and Solaris User For Linux and Solaris based systems the user structure has the following fields: `uid`:: - (int, REQUIRED) specifies the user ID in the `<>`. + (int, REQUIRED) specifies the user ID in the <>. `gid`:: - (int, REQUIRED) specifies the group ID in the `<>`. + (int, REQUIRED) specifies the group ID in the <>. `additionalGids`:: - (array of ints, OPTIONAL) specifies additional group IDs (in the `<>`) to be added to the process. + (array of ints, OPTIONAL) specifies additional group IDs (in the <>) to be added to the process. [NOTE] Symbolic name for `uid` and `gid`, such as `uname` and `gname` respectively, are left to upper levels to derive (i.e. `/etc/passwd` parsing, NSS, etc.). @@ -455,7 +455,7 @@ Hooks allow one to run code before/after various lifecycle events of the contain Hooks MUST be called in the listed order. The state of the container is passed to the hooks over {stdin-3}[stdin], so the hooks could get the information they need to do their work. -Hook paths are absolute and are executed from the host's filesystem in the `<>`. +Hook paths are absolute and are executed from the host's filesystem in the <>. [[prestart,prestart]] Prestart diff --git a/definitions.asc b/definitions.asc index d51a1215d..65ce831c3 100644 --- a/definitions.asc +++ b/definitions.asc 
@@ -1,8 +1,11 @@ Definitions ----------- -:rfc2119: http://tools.ietf.org/html/rfc2119 :c99-unspecified: http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf#page=18 +:json: https://tools.ietf.org/html/rfc7159 +:namespaces-7: http://man7.org/linux/man-pages/man7/namespaces.7.html +:rfc2119: http://tools.ietf.org/html/rfc2119 +:utf-8: http://www.unicode.org/versions/Unicode8.0.0/ch03.pdf In the specifications in the above table of contents, the keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in {rfc2119}[RFC 2119] (Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997). 
@@ -10,3 +13,29 @@ The keywords "unspecified", "undefined", and "implementation-defined" are to be An implementation is not compliant for a given CPU architecture if it fails to satisfy one or more of the MUST, REQUIRED, or SHALL requirements for the protocols it implements. An implementation is compliant for a given CPU architecture if it satisfies all the MUST, REQUIRED, and SHALL requirements for the protocols it implements. + +[[bundle-definition,bundle]] bundle:: + A <> that is written ahead of time, distributed, and used to seed the runtime for creating a <> and launching a process within it. + +[[config-definition,configuration]] configuration:: + The <> file in a <> which defines the intended <> and container process. + +[[container,container]] container:: + An environment for executing processes with configurable isolation and resource limitations. + For example, namespaces, resource limits, and mounts are all part of the container environment. + +[[container-namespace,container namespace]] container namespace:: + On Linux, a leaf in the {namespaces-7}[namespace] hierarchy in which the <> executes. + +[[json,JSON]] JSON:: + All configuration {json}[JSON] MUST be encoded in {utf-8}[UTF-8]. + JSON objects MUST NOT include duplicate names. + The order of entries in JSON objects is not significant. + +[[runtime-definition,runtime]] runtime:: + An implementation of this specification. + It reads the <> from a <>, uses that information to create a <>, launches a process inside the container, and performs other <>. + +[[runtime-namespace,runtime namespace]] runtime namespace:: + On Linux, a leaf in the {namespaces-7}[namespace] hierarchy from which the <> process is executed. + New <> will be created as children of the runtime namespaces. diff --git a/glossary.md b/glossary.md deleted file mode 100644 index 6287f9d3d..000000000 --- a/glossary.md +++ /dev/null 
@@ -1,38 +0,0 @@ -# Glossary - -## Bundle - -A [directory structure](bundle.md) that is written ahead of time, distributed, and used to seed the runtime for creating a [container](#container) and launching a process within it. - -## Configuration - -The [`config.json`](config.md) file in a [bundle](#bundle) which defines the intended [container](#container) and container process. - -## Container - -An environment for executing processes with configurable isolation and resource limitations. -For example, namespaces, resource limits, and mounts are all part of the container environment. - -## Container namespace - -On Linux, a leaf in the [namespace][namespaces.7] hierarchy in which the [configured process](config.md#process-configuration) executes. - -## JSON - -All configuration [JSON][] MUST be encoded in [UTF-8][]. -JSON objects MUST NOT include duplicate names. -The order of entries in JSON objects is not significant. - -## Runtime - -An implementation of this specification. -It reads the [configuration files](#configuration) from a [bundle](#bundle), uses that information to create a [container](#container), launches a process inside the container, and performs other [lifecycle actions](runtime.md). - -## Runtime namespace - -On Linux, a leaf in the [namespace][namespaces.7] hierarchy from which the [runtime](#runtime) process is executed. -New container namespaces will be created as children of the runtime namespaces. - -[JSON]: https://tools.ietf.org/html/rfc7159 -[UTF-8]: http://www.unicode.org/versions/Unicode8.0.0/ch03.pdf -[namespaces.7]: http://man7.org/linux/man-pages/man7/namespaces.7.html
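Review bot: In the definitions.asc hunk the new anchor ids are inconsistent: `[[bundle-definition,bundle]]`, `[[config-definition,configuration]]` and `[[runtime-definition,runtime]]` take a `-definition` suffix, but `[[container,container]]` does not, and the two namespace entries use a third shape (`[[container-namespace,container namespace]]`, `[[runtime-namespace,runtime namespace]]`). Either give `container` the same `container-definition` id or add a short comment explaining why the suffix is only used where the bare term is already taken as an anchor elsewhere, so authors of later cross-references do not have to guess. The same hunk also mixes URL schemes in the new attributes: `:json: https://tools.ietf.org/html/rfc7159` sits next to `:rfc2119: http://tools.ietf.org/html/rfc2119`, `:namespaces-7: http://man7.org/...` and `:utf-8: http://www.unicode.org/...`; all four hosts serve https, so use it consistently for the normative references.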
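Review bot: Deleting glossary.md removes the Markdown anchors `#bundle`, `#configuration`, `#container` and `#runtime` and the outbound links to `bundle.md`, `config.md#process-configuration` and `runtime.md` that the old file carried, but the diff touches no other document that might link to `glossary.md`. Please confirm that no remaining page (README, other .md or .asc files) still points at `glossary.md` or its headings, and that the asciidoc cross-references in the new `bundle::` and `runtime::` entries resolve to the same targets the Markdown links did (the bundle layout and the runtime lifecycle sections), since those two definitions are what the config-linux.asc and config.asc hunks now reference for "container namespace" and "runtime namespace".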