Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Tracker] Live Container Updates #305

Closed
vbatts opened this issue Jan 13, 2016 · 2 comments
Closed

[Tracker] Live Container Updates #305

vbatts opened this issue Jan 13, 2016 · 2 comments
Assignees
@hqhq
Milestone
2.0.0

Comments

@vbatts
Copy link
Member

vbatts commented Jan 13, 2016

https://github.com/opencontainers/specs/blob/master/ROADMAP.md#live-container-updates

This needs to be an optional feature.
and per the life-cycle discussions, this is left to the operator where hooks that would happen after the "start" action of the container.
@vbatts vbatts assigned vbatts and hqhq and unassigned vbatts Jan 13, 2016
@hqhq
Copy link
Contributor

hqhq commented Jan 14, 2016

Related discussion: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/mWZVREVL9T8

@wking wking mentioned this issue Jun 16, 2016
Closed
@wking
Copy link
Contributor

wking commented Aug 13, 2016 via email

@wking wking mentioned this issue Aug 24, 2016
Closed
wking added a commit to wking/opencontainer-runtime-spec that referenced this issue Aug 24, 2016
@wking
config-linux: Extend no-tweak requirement to runtime namespaces
01c2d55 
Since [1] we've required runtimes to error out if a configuration
joins an existing namespace and adjusts it somehow (e.g. joining an
existing UTC namespace and setting 'hostname', [2]).  However, the
wording from [1] (which survives untouched in the current master) only
talked about "when a path is specified".  I see two possible
approaches for internal consistency:

a. Lift the OCI restriction and allow join-and-tweak [3] where the
   kernel supports it.  When we landed the current restriction, the
   main issues seemed to be "we don't have a clear use-case for join
   and tweak" [4] (although see [5]) and "this is a foot gun [6,7]"
   (I'd rather leave policy to higher-level config linters).

b. Extend the OCI restriction to all cases where the runtime does not
   create a new namespace.  Besides the already covered "namespace
   entry exists and includes 'path'", we'd also want to forbid configs
   that were missing the relevant namespace(s) entirely (in which case
   the container inherits the host namespace(s)).

I'm partial to (a) in the long run, but (b) is less of a shift from
the current spec and likely a better choice for a pending 1.0.

This commit implements (b).

It also makes it explicit that not listing a namespace type will cause
the container to inherit the runtime namespace of that type.

[1]: opencontainers#158
     Subject: Clarify behavior around namespaces paths
[2]: opencontainers#214
     Subject: config: Require a new UTS namespace for config.json's hostname
[3]: opencontainers#158 (comment)
[4]: opencontainers#158 (comment)
[5]: opencontainers#305
     Subject: [Tracker] Live Container Updates
[6]: opencontainers#158 (comment)
[7]: opencontainers#537 (comment)
     Subject: [linux] Tweaking host namespaces?

Signed-off-by: W. Trevor King <wking@tremily.us>
@wking wking mentioned this issue Aug 26, 2016
Closed
@wking wking mentioned this issue Sep 18, 2016
Merged
@hqhq hqhq added this to the 2.0.0 milestone Dec 24, 2016
@wking wking mentioned this issue Jan 11, 2017
Merged
@mikebrow mikebrow mentioned this issue Feb 3, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hqhq hqhq

Labels
None yet
Projects
None yet
Milestone
2.0.0
Development

No branches or pull requests
3 participants
@vbatts @wking @hqhq