Skip to content

Commit

Permalink
runtime: Explicitly make process.* timing implementation-defined
Browse files Browse the repository at this point in the history 
Based on IRC discussion today (times in PST) [1]:

  11:36 < crosbymichael> just take a step back and think about it.
    you have a process object in the spec.  its a single object
    defining what to run.  How do you run a process?  you exec its
    args.  From the spec pov its an atomic operation.  in between
    create and start its not running the users code and is left up to
    the runtime.  you either have a process defined by the spec and
    its created as an operation in the container on start or your
    dont.

This means that the caller has no way to set the
user/cwd/capabilities/… of the runtime's container process between
'create' and 'start'.  You could avoid that limitation by requiring
all process properties *except* process.args be applied at
create-time, but my attempt to make process.args optional (which would
have allowed that interpretation without burdening callers who never
intended to call 'start') was rejected in favor of this all-or-nothing
approach to 'process' handling [2].

[1]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/%23opencontainers.2017-02-27.log.html#t2017-02-27T19:35:35
[2]: opencontainers#620 (comment)

Signed-off-by: W. Trevor King <wking@tremily.us>
  • Loading branch information
@wking
wking committed Feb 27, 2017
1 parent 2d491b0 commit 0963c95
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions runtime.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,8 @@ Using the data in [`config.json`](config.md), this operation MUST create a new c
This means that all of the resources associated with the container MUST be created, however, the user-specified program MUST NOT be run at this time.
If the runtime cannot create the container as specified in [`config.json`](config.md), it MUST generate an error and a new container MUST NOT be created.

While [`process.args`](config.md#process) MUST NOT be applied until triggered by the [`start`](#start) operation, the application timing of the remaining `process` properties is implementation-defined.

Upon successful completion of this operation the `status` property of this container MUST be `created`.

The runtime MAY validate `config.json` against this spec, either generically or with respect to the local system capabilities, before creating the container ([step 2](#lifecycle)).
Expand Down

0 comments on commit 0963c95

Please sign in to comment.