From 298945d79af1b1003111df8311d3c158ea4a46f2 Mon Sep 17 00:00:00 2001
From: b <b@b3k.us>
Date: Mon, 9 Mar 2015 15:58:56 -0700
Subject: [PATCH] Add field to specify whether an isolator is required for
 execution

---
 SPEC.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/SPEC.md b/SPEC.md
index 5c22d245..f32747f2 100644
--- a/SPEC.md
+++ b/SPEC.md
@@ -206,9 +206,11 @@ Some well known isolators can be verified by the specification.
 Additional isolators will be added to this specification over time.
 
 An isolator is a standalone JSON object with only one required field: "name".
-All other fields are specific to the isolator.
+All other fields are optional or specific to the isolator.
 
-An executor MAY ignore isolators that it does not understand and run the container without them.
+An isolator MAY include a field named "required". If the "required" field is present and has value "true" then an executor MUST either enforce the isolator or refuse to execute the container and return an error. A missing "required" field is treated as a value of "false".
+
+An executor MAY ignore isolators that it does not understand and run the container without them as long as those isolators do not have "required" set to "true.
 But, an executor MUST make information about which isolators were ignored, enforced or modified available to the user.
 An executor MAY implement a "strict mode" where an image cannot run unless all isolators are in place.