Platform annotations on Process struct #564
@@ -40,13 +40,12 @@ type Process struct { | |||
// Cwd is the current working directory for the process and must be | |||
// relative to the container's root. | |||
Cwd string `json:"cwd"` | |||
// Capabilities are Linux capabilities that are kept for the container. | |||
// Capabilities are Linux capabilities that are kept for the container. (this field is platform dependent) | |||
Capabilities []string `json:"capabilities,omitempty" platform:"linux"` |
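Review bot: the comment on Capabilities does not say what an absent or empty list means. The JSON tag carries `omitempty`, so an empty slice is dropped from the serialized config and a reader cannot tell from this line whether that means "keep no capabilities" or "keep some default set". State the empty case in the comment; the added parenthetical only repeats what the `platform:"linux"` tag already records.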
Doesn't the platform:"linux" tag already cover the “this field is platform dependent” idea?
Consistency. It's all over this file whenever a platform annotation is present.
// Rlimits specifies rlimit options to apply to the process. (this field is platform dependent) | ||
Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux,solaris"` | ||
// NoNewPrivileges controls whether additional privileges could be gained by processes in the container. (this field is platform dependent) | ||
NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux,solaris"` |
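Review bot: the NoNewPrivileges comment does not state which value is the restrictive one or what the default is. The field is a `bool` with `omitempty`, so `false` and an absent key serialize identically and a config that leaves the key out gets the Go zero value. Suggest wording along the lines of "when true, processes in the container cannot gain additional privileges; false when omitted". Separately, nothing in these lines supports the `solaris` entry in the two `platform:"linux,solaris"` tags, so it should come with a reference or be left out.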
I don't think that these Rlimits or NoNewPrivileges are on Solaris. And we can probably wait for Solaris folks to pipe up if they are, instead of adding them here and waiting for Solaris folks to pipe up to re-remove them ;).
@anuthan - Could you comment on the use (or lack of) of Rlimits and NoNewCapabilities on Solaris? Thanks 😄
Solaris doesn't have Rlimits and NoNewPrivileges. Safe to remove :)
@anuthan Thanks for confirming! Removed.
On Wed, Sep 14, 2016 at 01:51:28PM -0700, John Howard wrote:
+1 for consistency. How do folks feel about consistently removing
@wking - Yes, it all does seem more than a tad superfluous IMO. But that said, it's still a little orthogonal to this PR itself 😇
On Wed, Sep 14, 2016 at 02:44:53PM -0700, John Howard wrote:
This PR does two things (as of 103926f): a. Add ‘solaris’ to some ‘platform’ tags. I think we want to drop (a) 1, but am fine waiting on Solaris-dev If this PR is just about (a), I'm happy to file my other-(b) as a
@wking - Let's try and keep these two things independent, and handle the go comments as a separate issue/PR. I think that will be cleaner in the long run.
(side note: we ought to define these tags somewhere)
On Thu, Sep 15, 2016 at 07:28:19AM -0700, Vincent Batts wrote:
Really? Solaris does use these fields? And I agree we should define the tags. We already have the
Signed-off-by: John Howard <jhoward@microsoft.com>
103926f to ce3ac33
What's the process for full approval and merging in this repo? There's two LGTMs above, but I'm not sure if more are still required - it appears it does from above, but I'm not sure why. Forgive my ignorance 😇
@jhowardmsft We have a
Ah, I see. Thanks for confirming 😄
Rlimits do not need either ordering or repeat entries for a single type. While some JSON libraries preserve object key order or allow repeats, there are many JSON libraries which do not (e.g. Python and JavaScript both parse JSON objects into hash tables). Using objects here reinforces the unimportance of ordering or repeated entries.

Also add Solaris support. I'm not entirely clear on this, because while Solaris is a POSIX-certified system and there is a Solaris man page for setrlimit, Abhijeeth claims no Solaris support for rlimits [1].

The additionalProperties object bit comes from [2], although it is not documented in draft 4 of the JSON Schema RFC [3].

[1]: opencontainers#564 (comment)
[2]: https://spacetelescope.github.io/understanding-json-schema/reference/object.html#properties
[3]: https://tools.ietf.org/html/draft-zyp-json-schema-04

Signed-off-by: W. Trevor King <wking@tremily.us>
Rlimits do not need either ordering or repeat entries for a single type. Using an object leans on the new wording from eeaccfa (glossary: Make objects explicitly unordered and forbid duplicate names, 2016-09-27, opencontainers#584) to make both of those points explicit.

Also add Solaris support. I'm not entirely clear on this, because while Solaris is a POSIX-certified system and there is a Solaris man page for setrlimit, Abhijeeth claims no Solaris support for rlimits [1].

The additionalProperties object bit comes from [2,3], although it is not documented in draft 4 of the JSON Schema RFC [4].

[1]: opencontainers#564 (comment)
[2]: https://spacetelescope.github.io/understanding-json-schema/reference/object.html#properties
[3]: https://tools.ietf.org/html/draft-wright-json-schema-validation-00#section-5.18
[4]: https://tools.ietf.org/html/draft-zyp-json-schema-04

Signed-off-by: W. Trevor King <wking@tremily.us>
Signed-off-by: John Howard <jhoward@microsoft.com>

Extracting pieces from the proof of concept PR for Windows OCI support at #504. This PR tidies up the Process structure by putting annotations for platform support on Capabilities, Rlimits and NoNewPrivileges, none of which are used on Windows. In addition, it removes what appears to be an erroneous blank line that appeared to serve no purpose.

Note I'm assuming (probably incorrectly 😇), that Rlimits and NoNewPrivileges are also relevant on Solaris too, but I'm not sure. If that is incorrect, I will update the PR to remove the solaris annotation.
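One way a config consumer could act on the `platform` tags this PR adds, so that a security setting the target OS does not implement is reported instead of silently dropped. This is an added example, not code from the PR or from the runtime-spec project: the `unsupportedFields` helper, the stubbed `Rlimit` type and the trimmed `Process` struct are assumptions, and the tag values follow the thread's outcome (`solaris` removed).

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Rlimit is stubbed for the example; Process keeps only the fields shown in
// the diff, with the platform tags as the thread left them (linux only).
type Rlimit struct{ Type string }

type Process struct {
	Cwd             string   `json:"cwd"`
	Capabilities    []string `json:"capabilities,omitempty" platform:"linux"`
	Rlimits         []Rlimit `json:"rlimits,omitempty" platform:"linux"`
	NoNewPrivileges bool     `json:"noNewPrivileges,omitempty" platform:"linux"`
}

// unsupportedFields (hypothetical helper) returns the JSON names of fields
// that are set in the struct v but whose platform tag does not list goos.
// Fields without a platform tag are treated as valid on every platform.
func unsupportedFields(v interface{}, goos string) []string {
	var bad []string
	rv := reflect.ValueOf(v)
	for i := 0; i < rv.NumField(); i++ {
		f := rv.Type().Field(i)
		tag, ok := f.Tag.Lookup("platform")
		if !ok || rv.Field(i).IsZero() { // untagged, or left at its zero value
			continue
		}
		allowed := false
		for _, p := range strings.Split(tag, ",") {
			if strings.TrimSpace(p) == goos {
				allowed = true
			}
		}
		if !allowed {
			bad = append(bad, strings.Split(f.Tag.Get("json"), ",")[0])
		}
	}
	return bad
}

func main() {
	// Constructed sample config, not taken from the page.
	p := Process{Cwd: "/", Capabilities: []string{"CAP_NET_BIND_SERVICE"}, NoNewPrivileges: true}
	fmt.Println(unsupportedFields(p, "windows")) // settings a Windows runtime would not apply
	fmt.Println(unsupportedFields(p, "linux"))   // nothing to report on Linux
}
```

`encoding/json` ignores the `platform` key entirely, so a check of this kind has to be run explicitly; passing `runtime.GOOS` as the second argument validates against the host the runtime is built for.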