nmbug-oci.git
8 years ago Opt-out for /sys and /proc
W. Trevor King [Thu, 31 Dec 2015 21:27:30 +0000 (13:27 -0800)]
Opt-out for /sys and /proc

I still feel like these should be opt-in, but the consensus is that
they should be opt-out [1].  That is currently blocking on suggested
syntax around that opt-out.  My suggestion [1] was to borrow the
maskedPaths syntax from [2], but I haven't heard any direct responses
to that.

[1]: Message-ID: <20151216215513.GG25571@odin.tremily.us>
     Subject: Re: Linux: Don't mount /sys and /proc (i.e. rolling back specs#164)
     Date: Wed, 16 Dec 2015 13:55:13 -0800
[2]: https://github.com/opencontainers/specs/pull/186
     Subject: Masked paths setting in the container

8 years ago Adopted charter issues
W. Trevor King [Thu, 31 Dec 2015 20:59:17 +0000 (12:59 -0800)]
Adopted charter issues

I posted these messages pointing out issues I see in the charter after
its adoption was announced [1].  The opencontainers/web repository has
not been updated since 2015-07-24, and Vincent suggests it may be dead
[2].  I asked how I should submit changes [3], and have not received a
reply.

Before adoption, folks who belonged to a member company were suggested
to go through their company representative, and folks without a member
company were recommended to contact Mike Dolan
<mdolan@linuxfoundation.org>.  However, Rob Dolin contacted me shortly
after that meeting asking for pointers to my opencontainers/web pull
requests, and most of those ended up landing in some form or other in
the adopted charter.

I'll probably wait until we elect a TOB and ping them, but
until then I'll tag these issues to reduce the likelihood of duplicate
reports.

[1]: Message-ID: <CAN6Zp5xR+TY2YnpyGmcsmnDOXfm9JBuaYPjaUEWU+zpAfrseVg@mail.gmail.com>
     Subject: OCI News
     Date: Tue, 08 Dec 2015 10:01:59 -0500
[2]: Message-ID: <CAN6Zp5wQQ8fGpXkri65xitJ2iEf2p8CEGo5gy2v5=K=gKkU-SA@mail.gmail.com>
     Subject: Re: OCI News (official charter)
     Date: Tue, 08 Dec 2015 11:58:23 -0500
[3]: Message-ID: <20151208194504.GD2767@odin.tremily.us>
     Subject: Re: OCI News (official charter)
     Date: Tue, 08 Dec 2015 11:45:04 -0800
[4]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2015/opencontainers.2015-09-30-17.00.log.html#l-59

8 years ago Adding the PID namespace inode to state JSON
W. Trevor King [Thu, 31 Dec 2015 16:55:21 +0000 (08:55 -0800)]
Adding the PID namespace inode to state JSON

8 years ago Labels and extension metadata
W. Trevor King [Thu, 31 Dec 2015 04:22:12 +0000 (20:22 -0800)]
Labels and extension metadata

This thread came from an issue that is still open [1], so I'm tagging
it.  My personal feeling is still "this is out-of-scope, use an
orthogonal spec and load it in as arbitrary bundle content [2]" [3].
But the issue is still alive and fluxy, and I was just talking about
it with Vincent in #opencontainers on 2015-12-18.

[1]: https://github.com/opencontainers/specs/issues/108
[2]: Message-ID: <20150826195447.GX21585@odin.tremily.us>
     Subject: Dropping the rootfs requirement and restoring arbitrary bundle content
     Date: Wed, 26 Aug 2015 12:54:47 -0700

8 years ago Recording style and policy in opencontainers/specs
W. Trevor King [Wed, 30 Dec 2015 05:07:19 +0000 (21:07 -0800)]
Recording style and policy in opencontainers/specs

Add the pull-request tag now that I've filed [1].

I'm not sure if the feature tag fits all that well, but we need it to
show up in the current status-config.json filters.

[1]: https://github.com/opencontainers/specs/pull/287

8 years ago Defining "container" and "container processes" on Linux
W. Trevor King [Wed, 30 Dec 2015 00:18:44 +0000 (16:18 -0800)]
Defining "container" and "container processes" on Linux

We'll need something like this for the signal/pause/resume actions
briefly referenced in the landed lifecycle [1].  See also the
discussion around stop action implementation [2].

[1]: https://github.com/opencontainers/specs/pull/231/files#diff-b84a8d65d8ed53f4794cd2db7e8ea731R48
[2]: https://github.com/opencontainers/specs/pull/225/files#r41900150

8 years ago Live Container Updates
W. Trevor King [Tue, 29 Dec 2015 19:21:09 +0000 (11:21 -0800)]
Live Container Updates

Tag this thread, which is in the early stages of collecting a thought
that has been kicking around informally for a while (e.g. lots of
"yeah, that would be nice" comments in meetings [1,2]).

[1]: https://github.com/opencontainers/specs/wiki/MeetingMinutes:-2015-07-22#topics-to-discuss
[2]: https://github.com/opencontainers/specs/pull/230/files#diff-38574c080d4e2eb38c49b86e6588ad98R50

8 years ago removal of /run/opencontainer/containers
W. Trevor King [Tue, 29 Dec 2015 19:18:03 +0000 (11:18 -0800)]
removal of /run/opencontainer/containers

Tag this thread, which has an external-repo command line API
suggestion in [1].

[1]: https://github.com/wking/oci-command-line-api/pull/14

8 years ago Single, unified config file
W. Trevor King [Tue, 29 Dec 2015 19:15:42 +0000 (11:15 -0800)]
Single, unified config file

Tag this thread, which didn't get any pushback, and is now a pull
request [1].

[1]: https://github.com/opencontainers/specs/pull/284

8 years ago Make runtime cgroups optional
W. Trevor King [Tue, 29 Dec 2015 19:10:26 +0000 (11:10 -0800)]
Make runtime cgroups optional

This allows folks to develop other cgroup managers outside of the
runtimes, which is a prerequisite for cgroup removal [1].  I feel like
there's a consensus on this issue, so I filed a pull-request [2], but
it was punted back to the list [3].

[1]: Message-ID: <CAD2oYtO1RMCcUp52w-xXemzDTs+J6t4hS5Mm4mX+uBnVONGDfA@mail.gmail.com>
     Subject: removal of cgroups from the OCI Linux spec
[2]: https://github.com/opencontainers/specs/pull/237
[3]: https://github.com/opencontainers/specs/pull/237#issuecomment-152294240

8 years ago removal of cgroups from the OCI Linux spec
W. Trevor King [Tue, 29 Dec 2015 19:02:11 +0000 (11:02 -0800)]
removal of cgroups from the OCI Linux spec

Tag this thread.  The current consensus seems to be "that may be a
good idea, but we want a solid replacement before pulling the current
requirements" [1].

[1]: Message-ID: <20151223162834.GK9470@odin.tremily.us>
     Subject: Re: Live Container Updates
     Date: Wed, 23 Dec 2015 08:28:34 -0800

8 years ago Hash Algorithms and Performance
W. Trevor King [Tue, 29 Dec 2015 18:59:33 +0000 (10:59 -0800)]
Hash Algorithms and Performance

Tag the thread discussing SHA-256 vs. SHA-512 benchmarks, in case the
verification discussion gets back to that level of detail (I hope it
doesn't ;).  The resolution for that thread was that SHA-512 is still
faster [1].

[1]: Message-ID: <CAFi6z1Eb4K0eppRq1rG08jOfniq2RfognSuczeQfo2TNxu06Kg@mail.gmail.com>

8 years ago OCI Bundle Digests Summary
W. Trevor King [Tue, 29 Dec 2015 18:57:48 +0000 (10:57 -0800)]
OCI Bundle Digests Summary

Tag the fourth verification thread, marking the third thread as
obsolete.

8 years ago Separate config entries for device mknod and cgroups
W. Trevor King [Tue, 29 Dec 2015 18:50:23 +0000 (10:50 -0800)]
Separate config entries for device mknod and cgroups

I filed a PR to keep this separate [1], but it was closed after [2]
landed.  See also [3], where I point out that putting the mknod stuff
in the “control groups” section is awkward.

[1]: https://github.com/opencontainers/specs/pull/99
     Add linux.resources.devices
[2]: https://github.com/opencontainers/specs/pull/94
     Replace Linux.Device with more specific config
[3]: https://github.com/opencontainers/specs/pull/171#discussion_r41190655
     move the description of user ns mapping and default files to proper file

8 years ago Documenting container lifecycles
W. Trevor King [Tue, 29 Dec 2015 18:32:58 +0000 (10:32 -0800)]
Documenting container lifecycles

Initial work landed in [1], but it doesn't get into the order of the
setup process or explain how pause/resume/signalling work [2].  If we
don't figure these things out ahead of time, I expect we'll have to
figure them out in order to land compliance testing.

[1]: https://github.com/opencontainers/specs/pull/231
[2]: https://github.com/opencontainers/specs/pull/231/files#r46735313

8 years ago Recording style and policy in opencontainers/specs
W. Trevor King [Tue, 29 Dec 2015 18:26:36 +0000 (10:26 -0800)]
Recording style and policy in opencontainers/specs

Tag this thread for documenting existing decisions to avoid rehashing
settled issues in the absence of new arguments.  See also [1].

[1]: https://github.com/opencontainers/specs/issues/273

8 years ago Versioning specs in the face of ambiguity
W. Trevor King [Tue, 29 Dec 2015 18:22:43 +0000 (10:22 -0800)]
Versioning specs in the face of ambiguity

Tag the thread about how we intend to version the spec.  See
additional version discussion in [1,2,3,4,5].

[1]: Subject: Re: Initial Draft Release
     Date: Fri, 11 Sep 2015 13:58:08 -0700
     Message-ID: <20150911205808.GC5912@odin.tremily.us>
[2]: https://github.com/opencontainers/specs/issues/183
     New v0.1.1 tag doesn't match v0.1.0 in version.go
[3]: https://github.com/opencontainers/specs/pull/253
     Clarify backwards compatibility for major version 0
[4]: https://github.com/opencontainers/specs/pull/194
     Correct version from 0.1.0 to 0.1.1
[5]: https://github.com/opencontainers/specs/pull/278
     Project: document release process

8 years ago Hashing and verifying a bundle
W. Trevor King [Tue, 29 Dec 2015 18:21:09 +0000 (10:21 -0800)]
Hashing and verifying a bundle

Tag the third verification thread, marking the second thread as
obsolete.

8 years ago distributable and decentralized values
W. Trevor King [Tue, 29 Dec 2015 18:19:43 +0000 (10:19 -0800)]
distributable and decentralized values

Tag the second distribution thread, marking the old thread as
obsolete.

8 years ago appc + oci harmonization progress
W. Trevor King [Tue, 29 Dec 2015 18:18:17 +0000 (10:18 -0800)]
appc + oci harmonization progress

Tag the initial distribution-discussing thread.

8 years ago Dropping the rootfs requirement and restoring arbitrary bundle content
W. Trevor King [Tue, 29 Dec 2015 18:11:49 +0000 (10:11 -0800)]
Dropping the rootfs requirement and restoring arbitrary bundle content

Tag this thread, which allows for bundles that don't pivot-root, and
allows bundle authors to distribute additional content.  However, the
root filesystem requirement is enshrined in the adopted charter [1,2],
so the 'charter' tag flags it for TOB action once we get a TOB.

[1]: https://www.opencontainers.org/governance
[2]: Message-ID: <20150826195447.GX21585@odin.tremily.us>

8 years ago Specifying the runtime's command-line interface
W. Trevor King [Tue, 29 Dec 2015 17:51:24 +0000 (09:51 -0800)]
Specifying the runtime's command-line interface

Tag this thread, which adds a feature (basic usability) for runtime
callers.  There is implementation work in [1], but no formal
references to that from opencontainers/specs until we pick up
sufficient runtime mass.

[1]: https://github.com/wking/oci-command-line-api

8 years ago Start a new nmbug repository
W. Trevor King [Tue, 29 Dec 2015 05:35:17 +0000 (21:35 -0800)]
Start a new nmbug repository