config-linux: Consistent header nesting #832

Merged
merged 1 commit into from
May 17, 2017
54 changes: 27 additions & 27 deletions config-linux.md
Expand Up @@ -44,7 +44,7 @@ The following parameters can be specified to setup namespaces:
If a namespace type is not specified in the `namespaces` array, the container MUST inherit the [runtime namespace](glossary.md#runtime-namespace) of that type.
If a `namespaces` field contains duplicated namespaces with same `type`, the runtime MUST [generate an error](runtime.md#errors).

###### Example
### Example

```json
"namespaces": [
Expand Down Expand Up @@ -88,7 +88,7 @@ Each entry has the following structure:
The runtime SHOULD NOT modify the ownership of referenced filesystems to realize the mapping.
Note that the number of mapping entries MAY be limited by the [kernel][user-namespaces].

###### Example
### Example

```json
"uidMappings": [
Expand Down Expand Up @@ -126,7 +126,7 @@ Each entry has the following structure:

The same `type`, `major` and `minor` SHOULD NOT be used for multiple devices.

###### Example
### Example

```json
"devices": [
Expand All @@ -151,7 +151,7 @@ The same `type`, `major` and `minor` SHOULD NOT be used for multiple devices.
]
```

###### <a name="configLinuxDefaultDevices" />Default Devices
### <a name="configLinuxDefaultDevices" />Default Devices

In addition to any devices configured with this setting, the runtime MUST also supply:

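Review bot: `### <a name="configLinuxDefaultDevices" />Default Devices` keeps title case, while the other section headings this change touches use sentence case (`Device whitelist`, `Disable out-of-memory killer`, `Huge page limits`). Since the commit is about consistent headers, lower-case it to `Default devices` here; the `configLinuxDefaultDevices` anchor does not need to change.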
Expand Down Expand Up @@ -191,7 +191,7 @@ For example, to run a new process in an existing container without updating limi

Runtimes MAY attach the container process to additional cgroup controllers beyond those necessary to fulfill the `resources` settings.

###### Example
### Example

```json
"cgroupsPath": "/myRuntime/myContainer",
Expand All @@ -209,7 +209,7 @@ Runtimes MAY attach the container process to additional cgroup controllers beyon
}
```

#### <a name="configLinuxDeviceWhitelist" />Device whitelist
### <a name="configLinuxDeviceWhitelist" />Device whitelist

**`devices`** (array of objects, OPTIONAL) configures the [device whitelist][cgroup-v1-devices].
The runtime MUST apply entries in the listed order.
Expand All @@ -224,7 +224,7 @@ Each entry has the following structure:
* **`access`** *(string, OPTIONAL)* - cgroup permissions for device.
A composition of `r` (read), `w` (write), and `m` (mknod).

###### Example
#### Example

```json
"devices": [
Expand All @@ -249,7 +249,7 @@ Each entry has the following structure:
]
```

#### <a name="configLinuxDisableOutOfMemoryKiller" />Disable out-of-memory killer
### <a name="configLinuxDisableOutOfMemoryKiller" />Disable out-of-memory killer

`disableOOMKiller` contains a boolean (`true` or `false`) that enables or disables the Out of Memory killer for a cgroup.
If enabled (`false`), tasks that attempt to consume more memory than they are allowed are immediately killed by the OOM killer.
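Review bot: under the re-levelled `Disable out-of-memory killer` heading, the unchanged sentence beginning "If enabled (`false`)" is easy to misread, because the field name `disableOOMKiller` is negated and the text talks about the killer being enabled. Consider wording it in terms of the field value, for example stating that `false` leaves the OOM killer enabled, so readers do not have to invert the boolean themselves.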
Expand All @@ -259,13 +259,13 @@ For more information, see the kernel cgroups documentation about [memory][cgroup

* **`disableOOMKiller`** *(bool, OPTIONAL)* - enables or disables the OOM killer

###### Example
#### Example

```json
"disableOOMKiller": false
```

#### <a name="configLinuxMemory" />Memory
### <a name="configLinuxMemory" />Memory

**`memory`** (object, OPTIONAL) represents the cgroup subsystem `memory` and it's used to set limits on the container's memory usage.
For more information, see the kernel cgroups documentation about [memory][cgroup-v1-memory].
Expand All @@ -284,7 +284,7 @@ The following parameters can be specified to setup the controller:

* **`swappiness`** *(uint64, OPTIONAL)* - sets swappiness parameter of vmscan (See sysctl's vm.swappiness)

###### Example
#### Example

```json
"memory": {
Expand All @@ -297,7 +297,7 @@ The following parameters can be specified to setup the controller:
}
```

#### <a name="configLinuxCPU" />CPU
### <a name="configLinuxCPU" />CPU

**`cpu`** (object, OPTIONAL) represents the cgroup subsystems `cpu` and `cpusets`.
For more information, see the kernel cgroups documentation about [cpusets][cgroup-v1-cpusets].
Expand All @@ -318,7 +318,7 @@ The following parameters can be specified to setup the controller:

* **`mems`** *(string, OPTIONAL)* - list of Memory Nodes the container will run in

###### Example
#### Example

```json
"cpu": {
Expand All @@ -332,7 +332,7 @@ The following parameters can be specified to setup the controller:
}
```

#### <a name="configLinuxBlockIO" />Block IO
### <a name="configLinuxBlockIO" />Block IO

**`blockIO`** (object, OPTIONAL) represents the cgroup subsystem `blkio` which implements the block IO controller.
For more information, see the kernel cgroups documentation about [blkio][cgroup-v1-blkio].
Expand All @@ -355,7 +355,7 @@ The following parameters can be specified to setup the controller:
* **`major, minor`** *(int64, REQUIRED)* - major, minor numbers for device. More info in [mknod(1)][mknod.1] man page.
* **`rate`** *(uint64, REQUIRED)* - IO rate limit for the device

###### Example
#### Example

```json
"blockIO": {
Expand Down Expand Up @@ -391,7 +391,7 @@ The following parameters can be specified to setup the controller:
}
```

#### <a name="configLinuxHugePageLimits" />Huge page limits
### <a name="configLinuxHugePageLimits" />Huge page limits

**`hugepageLimits`** (array of objects, OPTIONAL) represents the `hugetlb` controller which allows to limit the
HugeTLB usage per control group and enforces the controller limit during page fault.
Expand All @@ -403,7 +403,7 @@ Each entry has the following structure:

* **`limit`** *(uint64, REQUIRED)* - limit in bytes of *hugepagesize* HugeTLB usage

###### Example
#### Example

```json
"hugepageLimits": [
Expand All @@ -414,7 +414,7 @@ Each entry has the following structure:
]
```

#### <a name="configLinuxNetwork" />Network
### <a name="configLinuxNetwork" />Network

**`network`** (object, OPTIONAL) represents the cgroup subsystems `net_cls` and `net_prio`.
For more information, see the kernel cgroups documentations about [net\_cls cgroup][cgroup-v1-net-cls] and [net\_prio cgroup][cgroup-v1-net-prio].
Expand All @@ -428,7 +428,7 @@ The following parameters can be specified to setup the controller:
* **`name`** *(string, REQUIRED)* - interface name in [runtime network namespace](glossary.md#runtime-namespace)
* **`priority`** *(uint32, REQUIRED)* - priority applied to the interface

###### Example
#### Example

```json
"network": {
Expand All @@ -446,7 +446,7 @@ The following parameters can be specified to setup the controller:
}
```

#### <a name="configLinuxPIDS" />PIDs
### <a name="configLinuxPIDS" />PIDs

**`pids`** (object, OPTIONAL) represents the cgroup subsystem `pids`.
For more information, see the kernel cgroups documentation about [pids][cgroup-v1-pids].
Expand All @@ -455,7 +455,7 @@ The following parameters can be specified to setup the controller:

* **`limit`** *(int64, REQUIRED)* - specifies the maximum number of tasks in the cgroup

###### Example
#### Example

```json
"pids": {
Expand Down Expand Up @@ -496,7 +496,7 @@ Tasks inside the container only have access to the "upper" 80% of L3 cache id 0
**`sysctl`** (object, OPTIONAL) allows kernel parameters to be modified at runtime for the container.
For more information, see the [sysctl(8)][sysctl.8] man page.

###### Example
### Example

```json
"sysctl": {
Expand Down Expand Up @@ -580,7 +580,7 @@ The following parameters can be specified to setup seccomp:
* `SCMP_CMP_GT`
* `SCMP_CMP_MASKED_EQ`

###### Example
### Example

```json
"seccomp": {
Expand All @@ -607,7 +607,7 @@ The following parameters can be specified to setup seccomp:
Its value is either slave, private, shared or unbindable.
The [Shared Subtrees][sharedsubtree] article in the kernel documentation has more information about mount propagation.

###### Example
### Example

```json
"rootfsPropagation": "slave",
Expand All @@ -618,7 +618,7 @@ The [Shared Subtrees][sharedsubtree] article in the kernel documentation has mor
**`maskedPaths`** (array of strings, OPTIONAL) will mask over the provided paths inside the container so that they cannot be read.
The values MUST be absolute paths in the [container namespace](glossary.md#container_namespace).

###### Example
### Example

```json
"maskedPaths": [
Expand All @@ -631,7 +631,7 @@ The values MUST be absolute paths in the [container namespace](glossary.md#conta
**`readonlyPaths`** (array of strings, OPTIONAL) will set the provided paths as readonly inside the container.
The values MUST be absolute paths in the [container namespace](glossary.md#container-namespace).

###### Example
### Example

```json
"readonlyPaths": [
Expand All @@ -643,7 +643,7 @@ The values MUST be absolute paths in the [container namespace](glossary.md#conta

**`mountLabel`** (string, OPTIONAL) will set the Selinux context for the mounts in the container.

###### Example
### Example

```json
"mountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c715,c811"