Limitations

Contents

• 1   Limitations
  • 1.1   Networking
    • 1.1.1   Run a Clear Container using the default docker bridge network
    • 1.1.2   Run a Clear Container with networking disabled (only localhost is available)
    • 1.1.3   Unsupported network types
    • 1.1.4   Adding networks dynamically
  • 1.2   Annotations
  • 1.3   No checkpoint and restore commands
  • 1.4   Running interactively in standalone mode
  • 1.5   CPU and memory
  • 1.6   Virtualized environments
  • 1.7   Miscellaneous

1   Limitations

This is still early code and the OCI standard has not yet reached version 1.0.0, hence there are a few feature gaps, cc-oci-runtime currently works with all the 1.0.0 release candidates.

The page documents those gaps, all of which are being worked on.

1.1   Networking

Basic Networking within the Clear Container is available:

1.1.1   Run a Clear Container using the default docker bridge network

$ sudo docker run -it --net=bridge $image

Or simply:

$ sudo docker run -it $image

1.1.2   Run a Clear Container with networking disabled (only localhost is available)

$ sudo docker run -it --net=none $image

1.1.3   Unsupported network types

--net=host

Doesn't make immediate sense when using a VM. It may be possible to "fake it" well enough for some use cases in the future (#81).

--net=containers

We don't support "joining" an already existing VM at the moment (#82)

1.1.4   Adding networks dynamically

The current OCI runtime doesn't support adding networks to an already running container using docker network connect. We currently only setup the VM network configuration with what is defined by the CNM plugin at startup time. It would be possible to watch the networking namespace to discover and propagate new networks at runtime but it's not implemented today (tracked in issue #388).

1.2   Annotations

OCI Annotations are not currently exposed inside the Clear Container.

• See https://github.com/01org/cc-oci-runtime/issues/21

1.3   No checkpoint and restore commands

Although the runtime provides stub implementations of these commands, this is currently purely to satisfy Docker - the commands do NOT save/restore the state of the Clear Container.

• See https://github.com/01org/cc-oci-runtime/issues/22

1.4   Running interactively in standalone mode

When running the runtime in standalone mode with the console set to the current terminal as:

cc-oci-runtime create --bundle "$bundle_dir" --console $(tty) --pid-file "$pidfile" "$name"

causes any sudo operations in the terminal to fail later after the container has finished execution.

• See https://github.com/01org/cc-oci-runtime/issues/571

1.5   CPU and memory

When a container is created the guest memory and CPU configuration is fixed:

• Memory: 2GB
• CPUs: cpus=2,sockets=1,cores=2,threads=1

This default configuration is defined in the file data/hypervisor.args .

Hence, the following items are not supported:

• Unconstrained memory and CPU containers
• docker run -m MEMORY is not supported
• docker run --cpus= is not supported
• docker update

1.6   Virtualized environments

• Run containers under VMware* is not supported. See https://github.com/01org/cc-oci-runtime/issues/666
• Run containers under Hyper-V* is not supported. See https://github.com/01org/cc-oci-runtime/issues/1053

1.7   Miscellaneous

A complete list of functionality gaps can be found by running the report below:

• https://github.com/01org/cc-oci-runtime/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20label%3Adomain%3AOCI