From c41ea83d8427feb1cad60222ff2b8f3b5186c71b Mon Sep 17 00:00:00 2001 
From: "W. Trevor King"
Date: Mon, 27 Feb 2017 12:19:20 -0800
Subject: [PATCH] config: Make process optional

Since be59415 (Split create and start, 2016-04-01, #384), it's possible for a container process to never execute user-specified code (e.g. you can call 'create', 'kill', 'delete' without calling 'start'). For folks who expect to do that, there's no reason to define process.args.

The only other process property required for all platforms is 'cwd', but the runtime's idler code isn't specified in sufficient detail for the configuration author to have an opinion about what its working directory should be.

On Linux and Solaris, 'user' is also required for 'uid' and 'gid'. My preferred approach here is to make those optional and define defaults [1,2]:

  If unset, the runtime will not attempt to manipulate the user ID (e.g. not calling setuid(2) or similar).

But the maintainer consensus is that they want those to be explicitly required properties [3,4,5]. With the current spec, one option could be to make process optional (with the idler's working directory unspecified) for OSes besides Linux and Solaris. On Windows, username is optional, but that was likely accidental [6].

So an unspecified 'process' would leave process.cwd and process.user unset. What that means for the implementation-defined container process between 'create' and 'start' is unclear, but clarifying how that is handled is a separate issue [7] independent of whether 'process' is optional or not.

[1]: https://github.com/opencontainers/runtime-spec/pull/417#issuecomment-216076069 [2]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/DWdystx5X3A Subject: Exposing platform defaults Date: Thu, 14 Jan 2016 15:36:26 -0800 Message-ID: <20160114233625.GN6362@odin.tremily.us> [3]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-04-17.00.log.html#l-44 [4]: https://github.com/opencontainers/runtime-spec/pull/417#issuecomment-216937010 [5]: https://github.com/opencontainers/runtime-spec/pull/417#issuecomment-216937090 [6]: https://github.com/opencontainers/runtime-spec/issues/618#issuecomment-277105273 [7]: https://github.com/opencontainers/runtime-spec/pull/700 Signed-off-by: W. Trevor King --- config.md | 3 ++- runtime.md | 1 + schema/config-schema.json | 1 - specs-go/config.go | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/config.md b/config.md index 3c85a9f17..d493e4532 100644 --- a/config.md +++ b/config.md @@ -120,7 +120,8 @@ For Windows, see links for details about [mountvol](http://ss64.com/nt/mountvol. ## Process -**`process`** (object, REQUIRED) specifies the container process. +**`process`** (object, OPTIONAL) specifies the container process. + This property is REQUIRED when [`start`](runtime.md#start) is called. * **`terminal`** (bool, OPTIONAL) specifies whether a terminal is attached to that process, defaults to false. As an example, if set to true on Linux a pseudoterminal pair is allocated for the container process and the pseudoterminal slave is duplicated on the container process's [standard streams][stdin.3]. diff --git a/runtime.md b/runtime.md index e43ad8971..4e44e22e1 100644 --- a/runtime.md +++ b/runtime.md 
@@ -107,6 +107,7 @@ This operation MUST generate an error if it is not provided the container ID. Attempting to start a container that does not exist MUST generate an error. Attempting to start an already started container MUST have no effect on the container and MUST generate an error. This operation MUST run the user-specified program as specified by [`process`](config.md#process). +This operation MUST generate an error if `process` was not set. Upon successful completion of this operation the `status` property of this container MUST be `running`. diff --git a/schema/config-schema.json b/schema/config-schema.json index 87e46dfef..e4042f44c 100644 --- a/schema/config-schema.json +++ b/schema/config-schema.json @@ -229,7 +229,6 @@ "required": [ "ociVersion", "platform", - "process", "root" ] } diff --git a/specs-go/config.go b/specs-go/config.go index 7919579db..7266baf38 100644 --- a/specs-go/config.go +++ b/specs-go/config.go @@ -9,7 +9,7 @@ type Spec struct { // Platform specifies the configuration's target platform. Platform Platform `json:"platform"` // Process configures the container process. - Process Process `json:"process"` + Process *Process `json:"process,omitempty"` // Root configures the container's root filesystem. Root Root `json:"root"` // Hostname configures the container's hostname.
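
Review bot: In the config.md hunk, the added sentence "This property is REQUIRED when `start` is called" leaves open what `create` does with a configuration that omits `process`. Suggest stating outright that `create` accepts a configuration without `process`, and that the REQUIRED properties nested under `process` (the commit message names `cwd`, and `user` on Linux and Solaris) only apply when `process` itself is set.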
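
Review bot: In the runtime.md hunk, the added "MUST generate an error if `process` was not set" does not say what happens to the container, unlike the context line two above it, which pairs the error with "MUST have no effect on the container". Suggest using the same wording here so a rejected `start` leaves the container's status unchanged, and moving the sentence ahead of "This operation MUST run the user-specified program" so the precondition is read before the action.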
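
Review bot: In the schema/config-schema.json hunk, dropping "process" from `required` means schema validation now passes a configuration that `start` will reject, so the failure moves from validation time to run time. Suggest documenting that gap next to the config.md change, so that tools validating bundles intended to be started know they must check for `process` themselves.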
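
Review bot: In the specs-go/config.go hunk, `Process` changes from a value to `*Process` with `omitempty`, so any existing caller that reads fields through `spec.Process` will dereference nil when the configuration omits `process`. Suggest extending the field comment beyond "Process configures the container process." to say the pointer may be nil and is required for `start`, and flagging the type change as a breaking change for Go consumers.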