runtime: Clarify UTS and mount cleanup on 'delete'
Now that d43fc42 (config-linux: Lift no-tweaking namespace
restriction, 2017-01-11, opencontainers#649) allows us to get into this sort of
situation.  This sort of ownership may also apply to other resources
(cgroups?), but we can handle them in follow-up PRs.

Also drop "Configuration" from the root header.  Everything in that
file is a configuration.

Signed-off-by: W. Trevor King <wking@tremily.us>
wking committed Jan 12, 2017
1 parent aad1f38 commit abf8855
Showing 2 changed files with 10 additions and 4 deletions.
4 changes: 2 additions & 2 deletions config.md
Expand Up @@ -20,7 +20,7 @@ For example, if a configuration is compliant with version 1.1 of this specificat
"ociVersion": "0.1.0"
```

## Root Configuration
## Root

**`root`** (object, REQUIRED) configures the container's root filesystem.

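Review bot: Renaming the `## Root Configuration` heading to `## Root` changes the generated anchor from `#root-configuration` to `#root`, so any link that still points at the old anchor will stop resolving without any build error. Only two changed files are shown for this commit; it is worth grepping the rest of the spec for `#root-configuration` before merging.
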
Expand All @@ -41,7 +41,7 @@ For example, if a configuration is compliant with version 1.1 of this specificat

## Mounts

**`mounts`** (array, OPTIONAL) configures additional mounts (on top of [`root`](#root-configuration)).
**`mounts`** (array, OPTIONAL) configures additional mounts (on top of [`root`](#root)).
The runtime MUST mount entries in the listed order.
The parameters are similar to the ones in [the Linux mount system call](http://man7.org/linux/man-pages/man2/mount.2.html).
For Solaris, the mounts corresponds to fs resource in zonecfg(8).
10 changes: 8 additions & 2 deletions runtime.md
Expand Up @@ -121,11 +121,17 @@ When the process in the container is stopped, irrespective of it being as a resu
This operation MUST generate an error if it is not provided the container ID.
Attempting to delete a container that does not exist MUST generate an error.
Attempting to delete a container whose process is still running MUST generate an error.
Deleting a container MUST delete the resources that were created during the `create` step.
Note that resources associated with the container, but not created by this container, MUST NOT be deleted.
Once a container is deleted its ID MAY be used by a subsequent container.

Deleting a container MUST delete the resources that were created during the `create` step.
Resources associated with the container, but not created by this container, MUST NOT be deleted.

On Linux, [`mounts`](config.md#mounts), [`root`](config.md#root), [`linux.devices`](config-linux.md#devices), and other filesystem changes belong to the container who created the [container mount namespace][container-namespace3].
If a container joins an existing mount namespace and applies those settings, the changes will not be reverted by deleted container.
Similarly [`hostname`](config.md#hostname) changes belong to the container who created the container UTS namespace.

## Hooks
Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.
See [runtime configuration for hooks](./config.md#hooks) for more information.

[container-namespace3]: glossary.md#container-namespace
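
Review bot: The new Linux paragraph states the ownership rule descriptively ("the changes will not be reverted by deleted container") while the sentence directly above it uses MUST NOT, so it is unclear whether a runtime that unmounts or resets the hostname in a joined namespace is non-compliant. Reverting settings in a shared mount or UTS namespace affects everything else living in that namespace, so this should be normative, for example "the runtime MUST NOT revert those changes when the container is deleted". The wording "the container who created" should read "the container that created" in both sentences, and the `[container-namespace3]` reference definition ends up under the Hooks section, away from the paragraph that uses it.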
