forked from opencontainers/runtime-spec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
864 lines (763 loc) · 36 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
OpenContainers Specifications
Changes with v1.2.0:
Additions:
* config: add idmap and ridmap mount options (#1222)
* config.md: allow empty mappings for [r]idmap (#1224)
* features-linux: Expose idmap information (#1219)
* mount: Allow relative mount destinations on Linux (#1225)
* features: add potentiallyUnsafeConfigAnnotations (#1205)
* config: add support for org.opencontainers.image annotations #1197
Minor fixes:
* config: improve bind mount and propagation doc (#1228)
Documentation, CI & Governance:
* fix link to hooks in features (#1226)
* specs-go: add missing deprecation comment for Hooks.Prestart (#1232)
* specs-go: mark LinuxMemory.Kernel as deprecated ()#1233)
Changes with v1.1.0:
Breaking changes (but rather conforms to the existing runc implementation):
* config: change prestart hook spec to match reality (#1169)
Deprecations:
* config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)
Additions:
* cgroup: add cgroup v2 support (#1040)
* seccomp: allow to override errno return code (#1041)
* seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
* Update seccomp architectures to support RISCV64 (#1059)
* Add support for SCMP_ACT_KILL_THREAD (#1064)
* Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
* config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
* seccomp: allow to override default errno return code (#1087)
* Introduce zos as platform (#1095)
* config-linux: add idle option for container cgroup (#1136)
* config-linux: add CFS bandwidth burst (#1120)
* IDMapping field for mount point (#1143)
* schema: add cpu idle (#1145)
* add domainname spec entity (#1156)
* config-linux: add memory.checkBeforeUpdate (#1158)
* seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
* config-linux: add support for rsvd hugetlb cgroup (#1116)
* features: add `features.md` to formalize the `runc features` JSON (#1130)
* config-linux: add support for time namespace (#1151)
* config: add scheduler entity (#1188)
* config: Add I/O Priority Configuration for process group in Linux Containers (#1191)
Minor fixes:
* seccomp: fix go-specs for errnoRet (#1042)
* Define State for container and runtime namespace (#1045)
* Add State status constants to spec-go (#1046)
* config.go: make umask a pointer (#1058)
* Update State structure to use the new ContainerState type (#1056)
* Fix int64 and uint64 type value ranges (#1060)
* Fix seccomp notify inconsistencies (#1096)
* runtime should WARN / ignore capabilities that cannot be granted (#1094)
* config-linux: clarify the handling of ClosID RDT parameter (#1104)
* defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
* fix the lifecycle reference in the states listing (#1118)
* specify cgroup ownership semantics (#1123)
* config-linux: MAY reject an unfit cgroup (#1125)
* cgroup ownership: clarify that some files may not exist (#1137)
* schema: update README.md (#1083)
* schema: make with golang 1.16 (#1084)
* Update Windows CPU comments (#1144)
* specs-go: export LinuxBlockIODevice (#1103)
* config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
* Add available LinuxSeccompFlags (#1138)
* config-linux: clarify where device nodes can be created (#1148)
* runtime: remove `When serialized in JSON, the format MUST adhere to the following pattern` (#1178)
* config: clarify Linux mount options (#1181)
* schema: fix schema for timeOffsets (#1193)
* schema: remove duplicate keys (#1195)
* config-linux: clarify I/O throttling differences between cgroup v1 and v2 (#1194)
* releases: use +dev as in-development suffix (#1198)
* features: update Example (#1204)
* schema: fix definition for ioPriority (#1206)
* features: add a note to avoid confusion about annotations (#1212)
Documentation, CI & Governance:
* MAINTAINERS: Add @cyphar as maintainer (#1043)
* Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
* Remove superfluous 'an' (#1049)
* docs: Added enclave OCI runtime rune to implementations (#1055)
* Change all references from whitelist to allowlist (#1054)
* MAINTAINERS: update vbatts email (#1065)
* travis: fix go_import_path (#1072)
* Makefile: Fix golint URL used in go get (#1075)
* config-linux: fix personality link (#1086)
* README: Fix broken link for charter (#1091)
* add youki to implementations.md (#1126)
* Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
* typo: seccompFD -> seccompFd (#1133)
* fix RFC link (#1153)
* maintainer updates as per #1101 (#1150)
* GOVERNANCE: correct the Charter URL (#1157)
* CODEOWNERS: sync with MAINTAINERS (#1160)
* Update CI to Go 1.20 (#1179)
* config-linux: fix url error (#1184)
* config-linux: chore: Update `ociVersion` in example (#1199)
* MAINTAINERS: add Toru Komatsu (utam0k) (#1201)
* glossary: `s/features document/Features structure/g` (#1203)
* CODEOWNER: Add Toru Komatsu(@utam0k) to sync with MAINTAINERS (#1207)
* README.md: update chat information (#1210)
* Remove outdated meeting.ics (#1211)
Changes with v1.0.2:
Additions:
* Add create-container, create-runtime and start-container hooks (#1008)
* config-linux: add Intel RDT CLOS name sharing support (#988)
* config-linux: Add Intel RDT/MBA Linux support (#932)
* config-linux: Add Memory cgroup's use_hierarchy (#985)
* Add Linux personality support (#1012)
* config: Add Windows Devices to Schema (#976)
* Add support for SCMP_ACT_LOG (#1019)
* config-linux: support seccomp flags (#1018)
Minor fixes and documentation:
* Makefile: avoid SELinux for making docs
* Clarify case with pre-configured Intel RDT closID (#1034)
* config-linux: describe more about rootfs mount propagation (#1035)
* config-linux: add SHOULD to linux.namespaces.type (#1025)
* Reduce DCO checks per PR from 3 to 1 (#1029)
* Fix typo in RELEASES.md (#1033)
* Remove some unneeded indent (#1031)
* Add documentation how to do releases (#1027)
* Removed Vishnu Kannan & Brandon Philips from maintainers (#1030 & #1028)
* schema: drop id from umask (#1024)
* implementations.md: fix repository for crun (#1017)
* Update meeting info section to point to "org" repo (#1016)
* Fix markdown escape in config-linux (#1013)
* config-linux: add more info about hugetlb page size (#1011)
* Fix ociVersion of Configuration Schema Example to support ambient capability (#1009)
* Fix Namespaces to use LinuxNamespaceType (#1007)
* change new pid namespace description (#1006)
* updating link to code of conduct in org repository (#1001)
* Update Windows LayerFolder docs (#999)
* Windows:Have native CommandLine in Process (#998)
* vm: fix parameters field (#994)
* config-linux: documentation change for Intel RDT/MBA Software Controller support (#992)
* Bump Go versions (#993)
* Support for network namespace in windows (#989)
* config: clarify source mount (#981)
* Fix camelCasing on idType to align with other Windows spec conventions (#976)
* meeting: Bump July meeting from the 4th to the 11th (#977)
* docs: Added kata-runtime to implementations (#969)
* Add gVisor to the implementations list (#970)
* .travis.yml: Get schema dependencies in before_install (#968)
* config: Clarify execution environment for hooks (#953)
* config-linux: Drop console(4) reference (#965)
* Linux devices: uid/gid relative to container (#959)
* config: Add VM-based container configuration section (#949)
* uidMappings: change order of fields for clarity (#956)
* specs-go/config: Define RDMA cgroup (#942)
* schema/Makefile: fix test (#947)
* config: Fix Linux mount options links (#952)
* glossary: Bump JSON spec to RFC 8259 (#951)
* schema: Completely drop our JSON Schema 'id' properties (#945)
* meeting: Bump January meeting from the 3rd to the 10th (#943)
* config: add "umask" field to POSIX "user" section (#941)
* schema: add allowed values for defaultAction (#940)
* config: Dedent root paragraphs, since they aren't a list entry (#936)
* fix the link to hook (#933)
* config: Collapse extensibility to a single MUST (#916)
* schema/defs-linux: change weight type to uint16 (#898)
* runtime: Clarify ociVersion as based on the state schema (#903)
Changes with v1.0.1:
Minor fixes and documentation:
* spec: Expand "OCI" in spec-title reference and add "Initiative"
(#900)
* config: Simplify title to "Configuration" (#901)
* config: Fix "procfs_2" -> "proc_2" link label (#906)
* config: Fix IEEE Std 1003.1-2008 exec link markup (#913)
* config: Add a trailing period to the "cannot be mapped" rlimits
line (#915)
* config-linux: RFC 2119 MUST for absolute linux.namespaces[].path
(#925). This is technically a breaking change, because a config
with a relative namespace path would have been compliant before,
but will be non compliant with this change. However, the previous
"an absolute path to namespace file" wording was clear enough that
config authors are unlikely to be relying on relative namespace
paths in configs.
* config-linux: More specific documentation for weightDevice and
throttle* (#825)
* config-linux: Modify procfs to proc (#905)
* config-linux: Fix "psuedo" -> "pseudo" typo (#921)
* config-windows: Make maximum a uint16 (was a uint) (#891)
* runtime: Change "process in the container" -> "container
process" (#907)
* schema/config-schema: Use ArrayOfStrings in capabilities
properties. (#886)
* schema/config-linux:
s/throttleWriteIopsDevice/throttleWriteIOPSDevice/ (#899)
* schema/config-linux: add intelRdt field (#889)
* schema/config-solaris: Replaced refs with some fields
(cappedCPU.ncpus, etc.) (#892)
Changes with v1.0.0:
Breaking changes:
* config: Shift disableOOMKiller from linux.resources to
linux.resources.memory (#896)
Decreased restrictions:
* runtime: Make the state JSON's pid optional on non-Linux platforms
(#897)
Minor fixes and documentation:
* schema/defs-linux: Require Syscall.action (#885)
* specs-go/config: Fix 'omiempty' -> 'omitempty' typo for
LinuxSeccompArg.ValueTwo (#884)
* ROAMAP: remove the pre-v1.0.0 roadmap (#890)
Changes with v1.0.0-rc6:
Breaking changes:
* config: Shift oomScoreAdj to process and add RFC 2119 requirements
for the runtime (#781, #789, #836)
* config: Forbid 'root' on Hyper-V (#820, #838).
* config: process.capabilities and process.noNewPrivileges are
Linux-only again (#880). This partially reverses #673, which had
landed in v1.0.0-rc5.
* config: Remove process.rlimits from Windows (#880). It is now
POSIX-only, while in v1.0.0-rc5 it was cross-platform (because of
#673). Before #673 (in v1.0.0-rc4 and earlier), it was
Linux-only.
* config-linux: Drop redundant 'blkio' prefix from blockIO
properties (#860)
* config-linux: Make memory limits int64 instead of uint64 (#876).
This partially reverses #704, which had landed in v1.0.0-rc5.
* config-windows: Change CPU 'percent' to 'maximum' (#777)
* config-windows: Remove memory 'reservation' (#788)
* config-windows: Remove 'resources.network' and add 'network' (#801)
Additions:
* config: Windows runtimes MUST support the 'ro' mount option (#868)
* config-linux: Add Intel RDT/CAT Linux support (#630, #787)
* config-linux: Add Markdown specification for syscalls (#706)
* config-linux: Add 'unbindable' rootfsPropagation value (#770, #775)
* config-windows: Add 'credentialSpec' (#814, #859)
* config-windows: Add 'servicing' (#815)
* config-windows: Add 'ignoreFlushesDuringBoot' (#816, #859)
* config-windows: Add 'hyperv' (#818, #849, #859)
* config-windows: Add 'layerFolders' (#828)
Removals and increased restrictions:
* config: Remove 'platform' (#850)
* config: Require strictly-postitive 'timeout' values (#764)
* config: Strengthen punt to kernel for valid capabilities strings
(#766, #790)
* config: Require volume GUID paths for root.path (#849)
* config: Forbid setting 'readonly' true on Windows (#819)
* config: Forbid setting mount 'type' entirely on Windows and forbid
UNC paths and mapped drives in 'source' on Windows (#821)
* config: Remove 'hooks' from Windows spec (#855, #869, #870)
* config-linux: Clearly require absolute path for namespace (#720)
* config-linux: RFC 2119 tightening for namespaces (#767)
* config-linux: Require at least one entry in
linux.seccomp.syscalls[].names (#769)
* config-linux: Remove syscall.comment (#714)
* config-linux: Use MUST and MAY for weight and leafWeight (#751)
* config-linux: Remove explicit 'null' from device cgroup values
(#804)
* runtime: Remove "features the runtime chooses to support" (#732)
* runtime: Drop "not supported by the base OS" loophole (#733)
* runtime-linux: Condition /proc/self/fd symlinks on source
existence (#736)
Decreased restrictions:
* config: Make 'process' optional (#701, #805)
* config-linux: Make linux.seccomp.syscalls optional (#768)
* config-linux: valueTwo is now optional in
`linux.seccomp.syscalls[].args` entries (#877)
* config-linux: Remove local range restrictions for blkioWeight,
blkioLeafWeight, weight, leafWeight, and shares (#780)
* config-linux: Explicitly allow symlinks for providing devices (#873)
Minor fixes and documentation:
* config: Remove "MAY support any valid values" sentence (#851)
* config: Remove the previously-forbidden mounts[].type from the
Windows spec (#854)
* config: Clarify mounts[].source relative path anchor (#735)
* config: Explicitly make consoleSize ignored if terminal is false or
unset (#863)
* config: Specify height/width units (characters) for consoleSize (#761)
* config: Use "POSIX platforms" instead of "Linux and Solaris" (#838)
* config-linux: Explicit namespace for interface names (#713)
* config-linux: Explicitly list cgroupsPath as optional (#823)
* runtime: Clarify valid container states for 'start', 'kill', and
'delete' (#875)
* runtime: Explicitly make process.* timing implementation-defined (#700)
* specs-go/config: Remove range restrictions from Windows comments (#783)
* specs-go/config: Add omitempty to LinuxSyscall.Args (#763)
* specs-go/config: Use a pointer for Process.ConsoleSize (#792)
* schema/README: Use v1.0.0 URL in examples to prepare for the 1.0.0
release (#881)
* schema/Makefile: Make 'validate' the default target (#750)
* schema/Makefile: Add 'clean' target (#774)
* schema: Add 'test' target to the Makefile (#785)
* *: Remove unnecessary .PHONY entries (#750, #778, #802)
* *: Typo fixes and polishing (#681, #708, #702, #703, #709, #711,
#712, #721, #722, #723, #724, #730, #737, #738, #741, #744, #749,
#753, #756, #765, #773, #776, #784, #786, #793, #794, #796, #798,
#799, #800, #803, #807, #809, #811, #812, #822, #824, #826, #827,
#832, #839, #840, #846, #847, #848, #852, #856, #858, #862, #865,
#871, #874)
Changes with v1.0.0-rc5:
Breaking changes:
* config: Explicitly require `platform` (#695).
* config: The platform-specific sections (`linux`, `solaris`, and
`windows`) MUST NOT be set unless they match `platform.os` (#673).
* config: `process.capabilities` is now an object instead of an
array of strings (#675).
* config-linux: No longer allow negative values for some resources,
partially reversing #648 from v1.0.0-rc4 (#704).
* config-linux: `linux.seccomp.syscalls` entries have `names`
instead of `name` (#657).
* runtime: Rename the state `bundlePath` property to `bundle`
(#674).
Additions:
* config: `process.capabilities` is no longer Linux-only (#673).
* config-linux: `linux.seccomp.syscalls` entries have a new
`comment` property (#657).
* config-linux: Add new architectures from libseccomp 2.3.2 (#705)
* runtime: Add a `creating` state `status` (#507, #694).
Removals and increased restrictions:
* runtime: Document hook timing and exit code handling (#532).
* schema/config-linux: Explicit `null` values are no longer
compliant (#662).
Decreased restrictions:
* config: `type` and `source` properties are now optional for
`mounts` entries (#699).
* config: `args` property is now optional for hooks (#685).
* config-linux: Runtimes no longer need to provide `/proc` and
other filesystems unless they are explicitly requested in the
configuration JSON (#666).
Minor fixes and documentation:
* spec: Add OCI Runtime Abstract (#691).
* config: Document the Go `platform` tag (#570).
* config-linux: Remove local uid/gid mapping limit and punt to the
kernel (#693).
* schema: Fix broken `string` and similar `$ref`s (#684).
* schema: Remove `mounts` from required properties (#696).
* schema: Remove `major` and `minor` from `linux.devices` entries
(#688).
* schema: Check for the required `type`, `hard`, and `soft` in
`process.rlimits` entries (#696).
* schema/validate: Gained usage documentation and fixed
`schemaPath` logic when the argument did not contain `://` (#552).
* *: Add anchor tags to a number of spec locations (#707).
* *: Consistent link syntax (#687).
* *: Minor cleanup and rewording (#697).
Changes with v1.0.0-rc4:
Additions:
* config-linux: Allow negative values for some resources (#648)
* config-linux: Lift no-tweaking namespace restriction (#649)
Removals and increased restrictions:
* config: Rlimit types must be unique (#607)
* config: Forbid empty-string keys in 'annotations' (#645, #654)
* config-linux: Require runtime errors for pre-existing devices
(#647)
* runtime: Only require 'pid' in the state for created/running
statuses (#664)
* schema: Add 'consoleSize' and update requirements (#646)
* schema: Remove string pointers (#656)
* schema/config-linux: Remove blockIODeviceThrottle and other
pointers (#545)
Breaking Go changes:
* specs-go/config: Remove string pointers (#653)
* specs-go/config: Make Spec.Hooks a pointer (#427)
* specs-go/config: Convert some resources from unsigned integers
to signed integers (#648)
Minor fixes and documentation:
* config: Explicitly list 'hooks' as optional and cite POSIX for
'env' and 'args' (#427)
* runtime: Replace "process is stopped" with "process exits"
(#465)
* schema/config-linux: Add missing kernelTCP (#655)
* schema/validate: Allow schema identifiers to contain a URL
scheme (#490)
* .travis: Fix git-validation commit ranges (#216)
* *: Add anchor tags to a number of spec locations (#612, #636,
#637, #638, #639, #640)
* *: Typo fixes and polishing (#643, #650, #652, #656, #660, #665)
Changes with v1.0.0-rc3:
Additions:
* config: Add support for Windows-based containers (#565, #573)
* config: Add process.consoleSize (#563)
* config: Explicitly allow unknown extensions and document
annotations key conventions (#510)
* config: Define mounts entries for Solaris (#588)
Removals and increased restrictions:
* config: Require absolute paths for mount destinations (#609)
* config-linux: Require absolute path for maskedPaths and
readonlyPaths (#587)
* config-linux: Only require /dev/console when process.terminal is
true. Also require /dev/console to be provided by a bind mount
(#518)
* runtime: Require runtimes to generate errors when the container
specified in config.json cannot be created (#559)
Breaking Go changes:
* specs-go/config: Aggressive namespacing (#567)
* specs-go/config: Remove pointers from LinuxHugepageLimit,
LinuxInterfacePriority, and LinuxPids properties (#586)
* specs-go/state: Rename version to ociVersion (#633)
LinuxInterfacePriority, and LinuxPids properties (#586)
Minor fixes and documentation:
* spec: Separate the spec from project scaffolding (#626)
* README: Define "unspecified", "undefined", and
"implementation-defined" (#575)
* config: Clarify absolue and relative values for root.path (#558)
* config: Clarify ociVersion covering the configuration <->
runtime API (#523)
* config-linux: Forbid duplicated namespaces with same `type`
(#597)
* glossary: Make objects explicitly unordered and forbid duplicate
names (#584)
* specs-go/config: Add platform tags to Rlimits and
NoNewPRivileges (#564)
* schema/defs-linux: Use int64 for major/minor types (#610)
* Makefile: Add support for Go 1.7 (#547)
* Makefile: Require Go >= 1.6 for golint (#589)
* Makefile: Use a POSIX-compatible test ('==' -> '=') (#542)
* implementations: Rename ocitools -> runtime-tools (#585)
* *: Typo fixes and polishing (#556, #566, #568, #569, #571, #572,
#574, #595, #596, #599, #600, #601, #603, #605, #608, #613, #617,
#619, #621, #622, #623, #624, #625, #627, #629)
Changes with v1.0.0-rc2:
Additions:
* config-linux: Add new architectures from libseccomp 2.3.0 (#505)
* schema: Add JSON Schema for state JSON and move schema.json to
config-schema.json and similar (#481, #498, #519)
Minor fixes and documentation:
* Add compliance language for platforms and architectures (#527)
* Remove "unconditionally compliant" language (#553)
* bundle: Remove distribution references (#487)
* runtime: Fix sub-bullet indentation (#495)
* config: Replace Arch fstab reference with mount(8) (#443)
* config: Synchronize comments between Markdown and Go (#525)
* config: Drop v0.x compatibility statement (#488)
* config-linux: RFC 2119 wording for cgroupsPath (#493)
* config-linux: Make linux.devices and linux.resources.devices
optional (#526)
* config-linux: Extend no-tweak requirement to runtime namespaces (#538)
* schema: Add hook.timeout (#544)
* schema: Add missing '"type": "object"' (#528)
* schema: Run 'make fmt' and remove duplicates (#546, #551)
* schema/config: Make 'hostname' optional (#491)
* schema/config-linux: Add linux.resources.devices (#550)
* specs-go/config: Add Solaris tags to User properties (#496)
* specs-go/config: Make Linux and Solaris omitempty again (#502)
* specs-go/config: Make KernelTCP and ClassID omitempty (#531)
* specs-go/config: Fix "specified" typo for ApparmorProfile (#503)
* Makefile: Remove code-of-conduct.md and version.md when clean (#541)
* implementations: Mention cc-oci-runtime (#539)
* Use filesystem instead of file system (#529)
* .pullapprove: Add DCO check via PullApprove
* GOVERNANCE: Add governance and release process docs (#521)
* README: Change meeting time from 10am to 2pm Pacific (#524)
* README: Update conference-call phone number (#512, #515)
Changes with v1.0.0-rc1:
Breaking changes:
* runtime: Split create and start, #384, #450, #463, #464, #467,
#468
* runtime: Remove exec, #388
* runtime: Enviroment MUST match the configuration, #397
* config: Runtime MUST generate errors for unsupported platforms,
#441
* config: Windows mount destinations MUST NOT be nested, #437
Additions:
* solaris: Added platform-specific configuration, #411, #424, #431,
#436
* runtime: Add 'annotations' and 'status' to the state structure,
#462, #484, #485
* runtime: State no longer needs to be serialized as JSON, #446
* runtime-linux: Add /dev symbolic links, #449
* config: Allow absolute paths for root.path (which previously
required relative paths), #394
* config-linux: Add linux.mountLabel, #393
* config-linux: Add suport for cgroup namespace, #397
* config-linux: Runtime SHOULD NOT modify ownership of any
referenced filesystem (previously the restriction only applied to
the root filesystem), #452
* specs-go/seccomp: Add ppc and s390x to specs-go/config.go, #475
Minor fixes and documentation:
* README: Add project.md to the Table of Contents, #376
* README: Consistenly indent the Table of Contents, #400
* README: Link to LICENSE, #442
* README: Weekly call is OCI-wide, #378
* config: Explicit runtime namespace for hooks, #415
* config: Explicit container namespace for uid, gid, and
additionalGids, #412
* config: Fix 'string' -> 'array of strings' typo for process.args,
#416
* runtime: The runtime MAY validate config.json, #418
* runtime: Move errors section out of operations, #445
* runtime: MAY -> SHOULD for post-stop error logging, #410
* schema/README: Document JSON Schema usage, #360, #385
* schema: Minor description updates, #456, #461
* schema/validate: Support reading documents via stdin, #482
* .pullapprove: Automate review approval, #458, #474
* .gitignore: Hide more auto-generated files, #386, #392
* .travis: git-validation detects Travis now, #366
* .travis: Regress on failure to produce docs, #479
* Makefile: Filename docs.* -> oci-runtime-spec.*, #478
* Makefile: Add install.tools target, #349
* Makefile: Allow native pandoc implementations, #428, #448
* Makefile: Prefer Bash, #455
* Makefile: Travis support for .gitvalidation, #422
* specs-go/config: Add missing omitempties for Process.Terminal,
Root.Readonly, Spec.Linux, and Spec.Mounts, #408, #429, #430, #431
* specs-go/config: Remove incorrect omitempties for User.UID and
User.GID, #425
* specs-go/config: Drop platform-independent comment, #451
* version: Include version in generated documentation, #406
* *: Anchor examples, #348
* *: Fix remnants from SelinuxProcessLabel to SelinuxLabel rename,
#396
* *: Outsource code-of-conduct to TOB repository, #375, #413
* *: RFC 2119 consistency, #407, #409, #438, #444, #449
* *: Typo fixes, #390, #401
* *: Whitespace fixes and validation, #380, #381, #426
* ROADMAP: Remove stale targets, #435
Changes with v0.5.0:
Breaking changes:
* specs-go: Renamed the repository from opencontainers/specs to
opencontainers/runtime-spec, #365
Additions:
* config: Add 'timeout' for hooks, #346
* config-linux: Add 'maskedPaths' and 'readonlyPaths', #364
Minor fixes and documentation:
* JSON Schema bug-fixes and improved examples, #370
* README: Define "unconditionally compliant", #374
* config: Make Markdown canonical, #342
* config: Explicitly list mapping from symbolic names to UID/GIDs as
out-of-scope, #347
* config-linux: Require the runtime mount namespace for namespace
'path' values, #275
* config-linux: Reword kernelTCP docs, #377
* specs-go: Add omitempty to 'Device' and 'Namespace', #340
* .travis.yml: Use built-in 'go vet' and current 'go lint', dropping
Go < 1.5, #372, #352
* implementations: Expand ocitools scope to include testing, #328
* style: Move one-sentence-per-line rule from the README, #369
* style: Remove dangling parenthesis, #359
* README: Add a link to the IRC logs, #358
* Fix "manadate", "exmaple", "paramters", and "preferrably" typos,
#353, #354
Changes with v0.4.0:
Breaking changes:
* config: Move capabilities, selinuxProcessLabel, apparmorProfile,
and noNewPrivileges from the linux setting to the process setting
and make them optional, renaming selinuxProcessLabel to
selinuxLabel, #329, #330, #339
* runtime: Rename version to ociVerison in the state JSON, #225
* runtime: Remove the directory requirement for storing state, now
that there is a 'state' operation, #225, #334
* go: Shift *.go to specs-go/*.go, #276
* config: Move rlimits to process, #341
* go: Move config_linux.go content into config.go, removing
LinuxSpec, #310
Additions:
* schema: Add JSON Schema (and validator) for `config.json`, #313
* config: Add annotations for opaque-to-the-runtime data, #331
* config-linux: Make seccomp optional, #333
* runtime: Added additional operations: state, stop, and exec.
#225
Minor fixes and documentation:
* config-linux: Change mount type from *rune to *string and fix
octal fileMode examples, #323
* runtime: RFC 2119 phrasing for the lifecycle, #225
* README: Add a full example of config.json, #276
* README: Replace BlueJeans with UberConference, #326, #338
* style: Document Go-pointer exceptions, #317
Changes with v0.3.0:
Breaking changes:
* config: Single, unified config file, #284
* config: cwd is a required default, and must be absolute, #286,
#307, #308, #312
* config: qualify the name of the version field, #309
* config-linux: Convert classID from hex to uint32, #296
* config-linux: Separate mknod from cgroups, #298
Additions:
* config-linux: Add NoNewPrivileges setting for linux, #290
Minor fixes and documentation:
* config-linux: clarify oom_score_adj, #236, #292
* config-linux: Update links to cgroups documentation, #318
* config-linux: Remove pointers for slices preferring omitempty
tag instead, #316
* README: add runtime, bundle, and hook author user, #280
* ROADMAP: reshuffled and split into GitHub issues, #300, #301,
#304, #306
* style: Collect established styles in a discoverable location, #287, #311
Changes with v0.2.0:
* Add Apparmor, Selinux and Seccomp
* Add Apparmor, Selinux and Seccomp sections
* Add bind mount example
* Add fd section for linux container process
* Add Go types for specification
* *: adding a code of conduct
* Adding cgroups path to the Spec.
* .: Adding listing of implementations
* .: adding travis file for future CI
* Add license and DCO information for contributions
* Add linux spec description
* Add MAINTAINERS file
* Add memory swappiness to linux spec
* Add runtime state configuration and structs
* Adds a section for user namespace mappings
* Adds link to kernel cgroups documentation
* Adds section for Linux Rlimits
* Adds section for Linux Sysctl.
* Adds user namespace to the list of namespaces
* bundle: add initial run use case
* bundle: Fix 'and any number of and other related' typo
* bundle.md: clarify arbitrary/conventional dirnames
* bundle.md: fix link formatting
* bundle.md: fix off-by-one error
* bundle.md: various updates to latest spec
* bundle: Move 'Linux sysctl' header to its own line
* Change commiter to committer
* Change Device field order in spec_linux.go, 'Path' should be top of the 'Type' field, according to the different of the config-linux.md, 'Path' field is the unique key.
* Change layout of mountpoints and mounts
* Change the rlimit type to string instead of int
* Clarify behavior around namespaces paths.
* config: Add example additionalGids
* config: Add example cwd
* config: cleanup language on readonly parameter
* config: fix links to go files
* config-linux: specify the default devices/filesystems available
* config.md: clarify destination for mounts
* config.md: make the version a semver
* config.md: make the version field example a semver
* config.md: minor clean up of process specification
* config.md: reformat into a standard style
* config.md: update links to spec schema code
* config.md: various cleanup/consistency fixes
* config: minor cleanup
* Deduplicate the field of RootfsPropagation
* Define constants for Linux Namespace names
* Fix LinuxRuntime field
* Fix root object keys
* Fix typos in config.md
* Fix typos in the "Namespace types" section
* Fix typos in the rlimits section
* Fix Windows path escaping in example mount JSON
* JSON objects are easier to parse/manipulate
* made repo public. Added warning in README
* Make namespaces match runc
* make rootfs mount propagation mode settable
* Makes namespaces description linux specific
* *.md: markdown formatting
* Modify the capabilities constants to match header files like other constants
* Move linux specific options to linux spec
* README: add a rule for paragraph formatting in markdown
* README: Document BlueJeans and wiki archive for meetings
* README: Document pre-meeting agenda alteration
* README: Document YouTube and IRC backchannel for meetings
* README: Focus on local runtime (create/start/stop)
* README.md: Add a git commit style guide
* README.md: contribution about discussion
* README: releases section
* README: Remove blank line from infrastructure-agnostic paragraph
* removed boilerplate file
* *: remove superfluous comma in code-of-conduct
* Remove trailing whitespace
* Rename SystemProperties to Sysctl
* Rename the header "Access to devices" to "Devices" to fit with the config
* *: re-org the spec
* Replace Linux.Device with more specific config
* restore formatting
* Return golang compliant names for UID and GID in User
* Return golint-compliant naming for mappings
* runtime: Add prestart/poststop hooks
* runtime_config: comments for golint
* runtime-config-linux: Drop 'Linux' from headers
* runtime_config_linux: Fix 'LinuxSpec' -> 'LinuxRuntimeSpec' in comment
* runtime-config-linux: One sentence per line for opening two paragraphs
* runtime-config: Remove blank lines from the end of files
* runtime-config: Remove 'destination' docs from mounts
* runtime.md: convert oc to runc
* runtime: use opencontainer vs oci
* *: small spelling fixes
* Specific platform specific user struct for spec
* spec: linux: add support for the PIDs cgroup
* spec_linux: conform to `golint`
* spec_linux.go: Rename IDMapping fields to follow syscall.SysProcIDMap
* spec_linux: remove ending periods on one-line comments
* spec: rename ocp to oci and add a link
* specs: add json notation
* specs: align the ascii graph
* specs: fix the description for the [ug]idMappings
* specs: introduce the concept of a runtime.json
* .tools: cleanup the commit entry
* .tools: repo validation tool
* travis: fix DCO validation for merges
* typo: containers -> container's
* typo: the -> for
* Update config-linux for better formatting on values
* Update README.md
* Update readme with weekly call and mailing list
* Update runtime.md
* Update runtime.md
* Update runtime.md
* version: more explicit version for comparison
Changes with v0.1.0:
* Add Architecture field to Seccomp configuration in Linux runtime
* Add @hqhq as maintainer
* Add hyphen for host specific
* Adding Vishnu Kannan as a Maintainer.
* Add initial roadmap
* Add lifecycle for containers
* Add oom_score_adj to the runtime Spec.
* Add post-start hooks
* Add Seccomp constants to description of Linux runtime spec
* Add Seccomp constants to Linux runtime config
* Add some clarity around the state.json file
* adds text describing the upper-case keywords used in the spec
* add testing framework to ROADMAP
* Appropriately mark optional fields as omitempty
* cgroup: Add support for memory.kmem.tcp.limit_in_bytes
* Change HugepageLimit.Limit type to uint64
* Change the behavior when cgroupsPath is absent
* Change version from 0.1.0 to 0.2.0
* Clarify the semantics of hook elements
* Cleanup bundle.md
* Cleanup principles
* config: linux: update description of PidsLimit
* config: Require a new UTS namespace for config.json's hostname
* config: Require the runtime to mount Spec.Mounts in order
* convert **name** to **`name`**
* Example lists "root' but text mentions "bundlePath"
* Fix an extra space in VersionMinor
* Fix golint warnings
* Fix typo in BlockIO struct comment
* Fix typo in Filesystem Bundle
* Fix value of swappiness
* glossary: Provide a quick overview of important terms
* glossary: Specify UTF-8 for all our JSON
* hooks: deduplicate the hooks docs
* implementations: Link to kunalkushwaha/octool
* implementations: Link to mrunalp/ocitools
* lifecycle: Don't require /run/opencontainer/<runtime>/containers
* lifecycle: Mention runtime.json
* lifecycle: no hypens
* MAINTAINERS: add tianon per the charter
* MAINTAINERS: correct Vish's github account
* Makefile: Add glossary to DOC_FILES
* Make optional Cgroup related config params pointers along with `omitempty` json tag.
* Mark RootfsPropagation as omitempty
* *.md: update TOC and links
* move the description of Rlimits before example
* move the description of user ns mapping to proper file
* principles: Give principles their own home
* *: printable documents
* Project: document release process
* README: Fix some headers
* README: make header more concise
* remove blank char from blank line
* Remove the unneeded build tag from the config_linux.go
* Remove trailing comma in hooks json example
* Rename State's Root to Bundle
* ROADMAP.md: remove the tail spaces
* roadmap: update links and add wiki reference
* runtime: Add 'version' to the state.json example
* runtime-config: add example label before json example
* runtime-config: add section about Hooks
* runtime: config: linux: add cgroups information
* runtime: config: linux: Edit BlockIO struct
* runtime: config: linux: Fix typo and trailing commas in json example
* runtime_config_linux.go: add missing pointer
* runtime-config-linux.md: fix the type of cpus and mems
* runtime.md: fix spacing
* Talk about host specific/independent instead of mutability
* .tools: commit validator is a separate project
* .tools: make GetFetchHeadCommit do what it says
* .travis.yml: add go 1.5.1, update from 1.4.2 to 1.4.3
* Update readme with wiki link to minutes
* Update Typo in ROADMAP.md
* Use unsigned for IDs
* version: introduce a string for dev indication