From 5d437051c796d3386f3f490099b3f8bbc49eea56 Mon Sep 17 00:00:00 2001 From: Gao feng Date: Thu, 10 Sep 2015 17:41:52 +0800 Subject: [PATCH] move the description of user ns mapping and default files to proper file They should stay in runtime not config. Signed-off-by: Gao feng --- config-linux.md | 46 ----------------------------------------- runtime-config-linux.md | 37 +++++++++++++++++++++++++++++++++ runtime-config.md | 9 ++++++++ 3 files changed, 46 insertions(+), 46 deletions(-) diff --git a/config-linux.md b/config-linux.md index 3dee4113b..e26fa3f79 100644 --- a/config-linux.md +++ b/config-linux.md 
@@ -25,49 +25,3 @@ Its value is either slave, private, or shared. ```json "rootfsPropagation": "slave", ``` - -## User namespace mappings - -```json - "uidMappings": [ - { - "hostID": 1000, - "containerID": 0, - "size": 10 - } - ], - "gidMappings": [ - { - "hostID": 1000, - "containerID": 0, - "size": 10 - } - ] -``` - -uid/gid mappings describe the user namespace mappings from the host to the container. -The mappings represent how the bundle `rootfs` expects the user namespace to be setup and the runtime SHOULD NOT modify the permissions on the rootfs to realize the mapping. -*hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped. -There is a limit of 5 mappings which is the Linux kernel hard limit. - -## Default Devices and File Systems - -The Linux ABI includes both syscalls and several special file paths. -Applications expecting a Linux environment will very likely expect these files paths to be setup correctly. 
- -The following devices and filesystems MUST be made available in each application's filesystem - -| Path | Type | Notes | -| ------------ | ------ | ------- | -| /proc | [procfs](https://www.kernel.org/doc/Documentation/filesystems/proc.txt) | | -| /sys | [sysfs](https://www.kernel.org/doc/Documentation/filesystems/sysfs.txt) | | -| /dev/null | [device](http://man7.org/linux/man-pages/man4/null.4.html) | | -| /dev/zero | [device](http://man7.org/linux/man-pages/man4/zero.4.html) | | -| /dev/full | [device](http://man7.org/linux/man-pages/man4/full.4.html) | | -| /dev/random | [device](http://man7.org/linux/man-pages/man4/random.4.html) | | -| /dev/urandom | [device](http://man7.org/linux/man-pages/man4/random.4.html) | | -| /dev/tty | [device](http://man7.org/linux/man-pages/man4/tty.4.html) | | -| /dev/console | [device](http://man7.org/linux/man-pages/man4/console.4.html) | | -| /dev/pts | [devpts](https://www.kernel.org/doc/Documentation/filesystems/devpts.txt) | | -| /dev/ptmx | [device](https://www.kernel.org/doc/Documentation/filesystems/devpts.txt) | Bind-mount or symlink of /dev/pts/ptmx | -| /dev/shm | [tmpfs](https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt) | | diff --git a/runtime-config-linux.md b/runtime-config-linux.md index 2761623e8..58d160137 100644 --- a/runtime-config-linux.md +++ b/runtime-config-linux.md 
@@ -44,6 +44,30 @@ container via system level IPC. * **user** the container will be able to remap user and group IDs from the host to local users and groups within the container. +## User namespace mappings + +uid/gid mappings describe the user namespace mappings from the host to the container. +The mappings represent how the bundle `rootfs` expects the user namespace to be setup and the runtime SHOULD NOT modify the permissions on the rootfs to realize the mapping. +*hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped. +There is a limit of 5 mappings which is the Linux kernel hard limit. + +```json + "uidMappings": [ + { + "hostID": 1000, + "containerID": 0, + "size": 10 + } + ], + "gidMappings": [ + { + "hostID": 1000, + "containerID": 0, + "size": 10 + } + ] +``` + ## Devices Devices is an array specifying the list of devices to be created in the container. 
@@ -125,6 +149,19 @@ Next parameters can be specified: ] ``` +Note: The following devices MUST be made available in each Linux application's filesystem + +| Path | Type | Notes | +| ------------ | ------ | ------- | +| /dev/null | [device](http://man7.org/linux/man-pages/man4/null.4.html) | | +| /dev/zero | [device](http://man7.org/linux/man-pages/man4/zero.4.html) | | +| /dev/full | [device](http://man7.org/linux/man-pages/man4/full.4.html) | | +| /dev/random | [device](http://man7.org/linux/man-pages/man4/random.4.html) | | +| /dev/urandom | [device](http://man7.org/linux/man-pages/man4/random.4.html) | | +| /dev/tty | [device](http://man7.org/linux/man-pages/man4/tty.4.html) | | +| /dev/console | [device](http://man7.org/linux/man-pages/man4/console.4.html) | | +| /dev/ptmx | [device](https://www.kernel.org/doc/Documentation/filesystems/devpts.txt) | Bind-mount or symlink of /dev/pts/ptmx | + ## Control groups Also known as cgroups, they are used to restrict resource usage for a container and handle device access. diff --git a/runtime-config.md b/runtime-config.md index de3e82a13..ab8b74348 100644 --- a/runtime-config.md +++ b/runtime-config.md @@ -36,6 +36,15 @@ Only [mounts from the portable config](config.md#mount-points) will be mounted. } } ``` +Note: The following filesystems MUST be made available in each Linux application's filesystem + +| Path | Type | +| ------------ | ------ | +| /proc | [procfs](https://www.kernel.org/doc/Documentation/filesystems/proc.txt) | +| /sys | [sysfs](https://www.kernel.org/doc/Documentation/filesystems/sysfs.txt) | +| /dev/pts | [devpts](https://www.kernel.org/doc/Documentation/filesystems/devpts.txt) | +| /dev/shm | [tmpfs](https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt) | + *Example (Windows)*
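Review bot: In the config-linux.md hunk, the two introductory sentences of the removed "Default Devices and File Systems" section ("The Linux ABI includes both syscalls and several special file paths. Applications expecting a Linux environment will very likely expect these files paths to be setup correctly.") are deleted but never re-added in either of the new locations, so the rationale for the MUST lists is lost; carry them over as the lead-in to the "Note:" lines in runtime-config-linux.md and runtime-config.md. Also check that no other document links to the dropped "#user-namespace-mappings" and "#default-devices-and-file-systems" anchors in config-linux.md, since those targets no longer exist after this change.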
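Review bot: In the runtime-config-linux.md "User namespace mappings" hunk, the sentence "There is a limit of 5 mappings which is the Linux kernel hard limit." is carried over verbatim, but it states a kernel property without saying what a runtime must do when a config exceeds it or when the requested host range cannot be applied; since the section already says the runtime "SHOULD NOT modify the permissions on the rootfs", add a matching sentence that the runtime MUST reject (not silently truncate or partially apply) a mapping it cannot honour, and qualify the "5" as the limit of the kernels current when this was written. Minor: the JSON example now follows the prose instead of preceding it as it did in config-linux.md; that ordering is fine, but the example maps hostID 1000 to containerID 0, so a one-line comment that root in the container is an unprivileged host user would make the purpose of the mapping explicit.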
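Review bot: In the runtime-config-linux.md devices hunk, the /dev/ptmx row keeps the note "Bind-mount or symlink of /dev/pts/ptmx", but /dev/pts itself has been moved out of this table into the filesystems table in runtime-config.md, so the dependency between the two rows now spans two files; add a cross-reference (e.g. "requires the devpts mount listed in runtime-config.md") so an implementer reading only this table does not miss it. Style: the added "Note: The following devices MUST be made available in each Linux application's filesystem" lacks a terminal period, and since the table still carries an otherwise empty "Notes" column, consider either dropping the column (as the runtime-config.md table does) or using it consistently.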
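Review bot: In the runtime-config.md hunk, a Linux-only requirement ("The following filesystems MUST be made available in each Linux application's filesystem", listing /proc, /sys, /dev/pts and /dev/shm) is inserted into the platform-neutral file, directly between the Linux mount example and "*Example (Windows)*", where it reads as applying to every platform; move this table into runtime-config-linux.md next to the devices table that the previous hunk adds (which also keeps the devpts/ptmx dependency in one file), or at least place it under a heading that scopes it to Linux. The "Note:" line also lacks a terminal period.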