Skip to content
This repository has been archived by the owner on Mar 28, 2018. It is now read-only.

Limitations

Jump to bottom
Geronimo Orozco edited this page Oct 17, 2016 · 9 revisions

1   Limitations

This is still early code and the OCI standard has not yet reached version 1.0.0, hence there are a few feature gaps, cc-oci-runtime currently supports 1.0.0-rc1.

The page documents those gaps, all of which are being worked on.

1.1   Networking

Basic Networking within the Clear Container is available:

1.1.1   Run a Clear Container using the default docker bridge network

$ sudo docker run -it --net=bridge $image

Or simply:

$ sudo docker run -it $image

1.1.2   Run a Clear Container with networking disabled (only localhost is available)

$ sudo docker run -it --net=none $image

1.1.3   Not supported

--net=host
Doesn't make immediate sense when using a VM. It may be possible to "fake it" well enough for some use cases in the future (#81).
--net=containers
We don't support "joining" an already existing VM at the moment (#82)

1.2   exec

The exec command implemented by runc that allows a new process to run inside a container is not fully implemented.

Note that exec is not (no longer) part of the OCI standard.

1.3   Running a workload as a non-root user/group

The runtime currently ignores the request to run the workload as a non-root user and/or group, defaulting to running as the root user (inside the Clear Container).

1.4   Annotations

OCI Annotations are not currently exposed inside the Clear Container.

1.5   No checkpoint and restore commands

Although the runtime provides stub implementations of these commands, this is currently purely to satisfy Docker - the commands do NOT save/restore the state of the Clear Container.

1.6   Miscellaneous

A complete list of functionality gaps can be found by running the report below:

⚠️ Project now in maintenance mode - see the new runtime ⚠️

Usage

Development

Clone this wiki locally