OpenContainers Specifications

Changes with v1.1.0:

 Breaking changes (but rather conforms to the existing runc implementation):

 * config: change prestart hook spec to match reality (#1169)

 Deprecations:

 * config-linux: mark memory.kernel[TCP] as NOT RECOMMENDED (#1093)

 Additions:

 * cgroup: add cgroup v2 support (#1040)
 * seccomp: allow to override errno return code (#1041)
 * seccomp: Add support for SCMP_ACT_KILL_PROCESS (#1044)
 * Update seccomp architectures to support RISCV64 (#1059)
 * Add support for SCMP_ACT_KILL_THREAD (#1064)
 * Add Seccomp Notify support using UNIX sockets and container metadata (#1074)
 * config-linux: Add Intel RDT CMT and MBM Linux support (#1076)
 * seccomp: allow to override default errno return code (#1087)
 * Introduce zos as platform (#1095)
 * config-linux: add idle option for container cgroup (#1136)
 * config-linux: add CFS bandwidth burst (#1120)
 * IDMapping field for mount point (#1143)
 * schema: add cpu idle (#1145)
 * add domainname spec entity (#1156)
 * config-linux: add memory.checkBeforeUpdate (#1158)
 * seccomp: Add flag SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV (#1161)
 * config-linux: add support for rsvd hugetlb cgroup (#1116)
 * features: add `features.md` to formalize the `runc features` JSON (#1130)
 * config-linux: add support for time namespace (#1151)
 * config: add scheduler entity (#1188)
 * config: Add I/O Priority Configuration for process group in Linux Containers (#1191)

 Minor fixes:

 * seccomp: fix go-specs for errnoRet (#1042)
 * Define State for container and runtime namespace (#1045)
 * Add State status constants to spec-go (#1046)
 * config.go: make umask a pointer (#1058)
 * Update State structure to use the new ContainerState type (#1056)
 * Fix int64 and uint64 type value ranges (#1060)
 * Fix seccomp notify inconsistencies (#1096)
 * runtime should WARN / ignore capabilities that cannot be granted (#1094)
 * config-linux: clarify the handling of ClosID RDT parameter (#1104)
 * defs-zos: [Fix] prevent schema parsers from hitting recursion-loop while resolving types. (#1117)
 * fix the lifecycle reference in the states listing (#1118)
 * specify cgroup ownership semantics (#1123)
 * config-linux: MAY reject an unfit cgroup (#1125)
 * cgroup ownership: clarify that some files may not exist (#1137)
 * schema: update README.md (#1083)
 * schema: make with golang 1.16 (#1084)
 * Update Windows CPU comments (#1144)
 * specs-go: export LinuxBlockIODevice (#1103)
 * config-linux: update type of LinuxCPU.Idle to *int64 (#1146)
 * Add available LinuxSeccompFlags (#1138)
 * config-linux: clarify where device nodes can be created (#1148)
 * runtime: remove `When serialized in JSON, the format MUST adhere to the following pattern` (#1178)
 * config: clarify Linux mount options (#1181)
 * schema: fix schema for timeOffsets (#1193)
 * schema: remove duplicate keys (#1195)
 * config-linux: clarify I/O throttling differences between cgroup v1 and v2 (#1194)
 * releases: use +dev as in-development suffix (#1198)
 * features: update Example (#1204)
 * schema: fix definition for ioPriority (#1206)
 * features: add a note to avoid confusion about annotations (#1212)

 Documentation, CI & Governance:

 * MAINTAINERS: Add @cyphar as maintainer (#1043)
 * Add Giuseppe Scrivano as a runtime spec maintainer (#1048)
 * Remove superfluous 'an' (#1049)
 * docs: Added enclave OCI runtime rune to implementations (#1055)
 * Change all references from whitelist to allowlist (#1054)
 * MAINTAINERS: update vbatts email (#1065)
 * travis: fix go_import_path (#1072)
 * Makefile: Fix golint URL used in go get (#1075)
 * config-linux: fix personality link (#1086)
 * README: Fix broken link for charter (#1091)
 * add youki to implementations.md (#1126)
 * Switch to GitHub Actions, CODEOWNERS, etc. (#1128)
 * typo: seccompFD -> seccompFd (#1133)
 * fix RFC link (#1153)
 * maintainer updates as per #1101 (#1150)
 * GOVERNANCE: correct the Charter URL (#1157)
 * CODEOWNERS: sync with MAINTAINERS (#1160)
 * Update CI to Go 1.20 (#1179)
 * config-linux: fix url error (#1184)
 * config-linux: chore: Update `ociVersion` in example (#1199)
 * MAINTAINERS: add Toru Komatsu (utam0k) (#1201)
 * glossary: `s/features document/Features structure/g` (#1203)
 * CODEOWNER: Add Toru Komatsu(@utam0k) to sync with MAINTAINERS (#1207)
 * README.md: update chat information (#1210)
 * Remove outdated meeting.ics (#1211)

Changes with v1.0.2:

 Additions:

 * Add create-container, create-runtime and start-container hooks (#1008)
 * config-linux: add Intel RDT CLOS name sharing support (#988)
 * config-linux: Add Intel RDT/MBA Linux support (#932)
 * config-linux: Add Memory cgroup's use_hierarchy (#985)
 * Add Linux personality support (#1012)
 * config: Add Windows Devices to Schema (#976)
 * Add support for SCMP_ACT_LOG (#1019)
 * config-linux: support seccomp flags (#1018)

 Minor fixes and documentation:

 * Makefile: avoid SELinux for making docs
 * Clarify case with pre-configured Intel RDT closID (#1034)
 * config-linux: describe more about rootfs mount propagation (#1035)
 * config-linux: add SHOULD to linux.namespaces.type (#1025)
 * Reduce DCO checks per PR from 3 to 1 (#1029)
 * Fix typo in RELEASES.md (#1033)
 * Remove some unneeded indent (#1031)
 * Add documentation how to do releases (#1027)
 * Removed Vishnu Kannan & Brandon Philips from maintainers (#1030 & #1028)
 * schema: drop id from umask (#1024)
 * implementations.md: fix repository for crun (#1017)
 * Update meeting info section to point to "org" repo (#1016)
 * Fix markdown escape in config-linux (#1013)
 * config-linux: add more info about hugetlb page size (#1011)
 * Fix ociVersion of Configuration Schema Example to support ambient capability (#1009)
 * Fix Namespaces to use LinuxNamespaceType (#1007)
 * change new pid namespace description (#1006)
 * updating link to code of conduct in org repository (#1001)
 * Update Windows LayerFolder docs (#999)
 * Windows:Have native CommandLine in Process (#998)
 * vm: fix parameters field (#994)
 * config-linux: documentation change for Intel RDT/MBA Software Controller support (#992)
 * Bump Go versions (#993)
 * Support for network namespace in windows (#989)
 * config: clarify source mount (#981)
 * Fix camelCasing on idType to align with other Windows spec conventions (#976)
 * meeting: Bump July meeting from the 4th to the 11th (#977)
 * docs: Added kata-runtime to implementations (#969)
 * Add gVisor to the implementations list (#970)
 * .travis.yml: Get schema dependencies in before_install (#968)
 * config: Clarify execution environment for hooks (#953)
 * config-linux: Drop console(4) reference (#965)
 * Linux devices: uid/gid relative to container (#959)
 * config: Add VM-based container configuration section (#949)
 * uidMappings: change order of fields for clarity (#956)
 * specs-go/config: Define RDMA cgroup (#942)
 * schema/Makefile: fix test (#947)
 * config: Fix Linux mount options links (#952)
 * glossary: Bump JSON spec to RFC 8259 (#951)
 * schema: Completely drop our JSON Schema 'id' properties (#945)
 * meeting: Bump January meeting from the 3rd to the 10th (#943)
 * config: add "umask" field to POSIX "user" section (#941)
 * schema: add allowed values for defaultAction (#940)
 * config: Dedent root paragraphs, since they aren't a list entry (#936)
 * fix the link to hook (#933)
 * config: Collapse extensibility to a single MUST (#916)
 * schema/defs-linux: change weight type to uint16 (#898)
 * runtime: Clarify ociVersion as based on the state schema (#903)

Changes with v1.0.1:

 Minor fixes and documentation:

 * spec: Expand "OCI" in spec-title reference and add "Initiative"
   (#900)
 * config: Simplify title to "Configuration" (#901)
 * config: Fix "procfs_2" -> "proc_2" link label (#906)
 * config: Fix IEEE Std 1003.1-2008 exec link markup (#913)
 * config: Add a trailing period to the "cannot be mapped" rlimits
   line (#915)
 * config-linux: RFC 2119 MUST for absolute linux.namespaces[].path
   (#925). This is technically a breaking change, because a config
   with a relative namespace path would have been compliant before,
   but will be non compliant with this change. However, the previous
   "an absolute path to namespace file" wording was clear enough that
   config authors are unlikely to be relying on relative namespace
   paths in configs.
 * config-linux: More specific documentation for weightDevice and
   throttle* (#825)
 * config-linux: Modify procfs to proc (#905)
 * config-linux: Fix "psuedo" -> "pseudo" typo (#921)
 * config-windows: Make maximum a uint16 (was a uint) (#891)
 * runtime: Change "process in the container" -> "container
   process" (#907)
 * schema/config-schema: Use ArrayOfStrings in capabilities
   properties. (#886)
 * schema/config-linux:
   s/throttleWriteIopsDevice/throttleWriteIOPSDevice/ (#899)
 * schema/config-linux: add intelRdt field (#889)
 * schema/config-solaris: Replaced refs with some fields
   (cappedCPU.ncpus, etc.) (#892)

Changes with v1.0.0:

 Breaking changes:

 * config: Shift disableOOMKiller from linux.resources to
   linux.resources.memory (#896)

 Decreased restrictions:

 * runtime: Make the state JSON's pid optional on non-Linux platforms
   (#897)

 Minor fixes and documentation:

 * schema/defs-linux: Require Syscall.action (#885)
 * specs-go/config: Fix 'omiempty' -> 'omitempty' typo for
   LinuxSeccompArg.ValueTwo (#884)
 * ROADMAP: remove the pre-v1.0.0 roadmap (#890)

Changes with v1.0.0-rc6:

 Breaking changes:

 * config: Shift oomScoreAdj to process and add RFC 2119 requirements
   for the runtime (#781, #789, #836)
 * config: Forbid 'root' on Hyper-V (#820, #838).
 * config: process.capabilities and process.noNewPrivileges are
   Linux-only again (#880). This partially reverses #673, which had
   landed in v1.0.0-rc5.
 * config: Remove process.rlimits from Windows (#880). It is now
   POSIX-only, while in v1.0.0-rc5 it was cross-platform (because of
   #673). Before #673 (in v1.0.0-rc4 and earlier), it was
   Linux-only.
 * config-linux: Drop redundant 'blkio' prefix from blockIO
   properties (#860)
 * config-linux: Make memory limits int64 instead of uint64 (#876).
   This partially reverses #704, which had landed in v1.0.0-rc5.
 * config-windows: Change CPU 'percent' to 'maximum' (#777)
 * config-windows: Remove memory 'reservation' (#788)
 * config-windows: Remove 'resources.network' and add 'network' (#801)

 Additions:

 * config: Windows runtimes MUST support the 'ro' mount option (#868)
 * config-linux: Add Intel RDT/CAT Linux support (#630, #787)
 * config-linux: Add Markdown specification for syscalls (#706)
 * config-linux: Add 'unbindable' rootfsPropagation value (#770, #775)
 * config-windows: Add 'credentialSpec' (#814, #859)
 * config-windows: Add 'servicing' (#815)
 * config-windows: Add 'ignoreFlushesDuringBoot' (#816, #859)
 * config-windows: Add 'hyperv' (#818, #849, #859)
 * config-windows: Add 'layerFolders' (#828)

 Removals and increased restrictions:

 * config: Remove 'platform' (#850)
 * config: Require strictly-positive 'timeout' values (#764)
 * config: Strengthen punt to kernel for valid capabilities strings
   (#766, #790)
 * config: Require volume GUID paths for root.path (#849)
 * config: Forbid setting 'readonly' true on Windows (#819)
 * config: Forbid setting mount 'type' entirely on Windows and forbid
   UNC paths and mapped drives in 'source' on Windows (#821)
 * config: Remove 'hooks' from Windows spec (#855, #869, #870)
 * config-linux: Clearly require absolute path for namespace (#720)
 * config-linux: RFC 2119 tightening for namespaces (#767)
 * config-linux: Require at least one entry in
   linux.seccomp.syscalls[].names (#769)
 * config-linux: Remove syscall.comment (#714)
 * config-linux: Use MUST and MAY for weight and leafWeight (#751)
 * config-linux: Remove explicit 'null' from device cgroup values
   (#804)
 * runtime: Remove "features the runtime chooses to support" (#732)
 * runtime: Drop "not supported by the base OS" loophole (#733)
 * runtime-linux: Condition /proc/self/fd symlinks on source
   existence (#736)

 Decreased restrictions:

 * config: Make 'process' optional (#701, #805)
 * config-linux: Make linux.seccomp.syscalls optional (#768)
 * config-linux: valueTwo is now optional in
   `linux.seccomp.syscalls[].args` entries (#877)
 * config-linux: Remove local range restrictions for blkioWeight,
   blkioLeafWeight, weight, leafWeight, and shares (#780)
 * config-linux: Explicitly allow symlinks for providing devices (#873)

 Minor fixes and documentation:

 * config: Remove "MAY support any valid values" sentence (#851)
 * config: Remove the previously-forbidden mounts[].type from the
   Windows spec (#854)
 * config: Clarify mounts[].source relative path anchor (#735)
 * config: Explicitly make consoleSize ignored if terminal is false or
   unset (#863)
 * config: Specify height/width units (characters) for consoleSize (#761)
 * config: Use "POSIX platforms" instead of "Linux and Solaris" (#838)
 * config-linux: Explicit namespace for interface names (#713)
 * config-linux: Explicitly list cgroupsPath as optional (#823)
 * runtime: Clarify valid container states for 'start', 'kill', and
   'delete' (#875)
 * runtime: Explicitly make process.* timing implementation-defined (#700)
 * specs-go/config: Remove range restrictions from Windows comments (#783)
 * specs-go/config: Add omitempty to LinuxSyscall.Args (#763)
 * specs-go/config: Use a pointer for Process.ConsoleSize (#792)
 * schema/README: Use v1.0.0 URL in examples to prepare for the 1.0.0
   release (#881)
 * schema/Makefile: Make 'validate' the default target (#750)
 * schema/Makefile: Add 'clean' target (#774)
 * schema: Add 'test' target to the Makefile (#785)
 * *: Remove unnecessary .PHONY entries (#750, #778, #802)
 * *: Typo fixes and polishing (#681, #708, #702, #703, #709, #711,
   #712, #721, #722, #723, #724, #730, #737, #738, #741, #744, #749,
   #753, #756, #765, #773, #776, #784, #786, #793, #794, #796, #798,
   #799, #800, #803, #807, #809, #811, #812, #822, #824, #826, #827,
   #832, #839, #840, #846, #847, #848, #852, #856, #858, #862, #865,
   #871, #874)

Changes with v1.0.0-rc5:

 Breaking changes:

 * config: Explicitly require `platform` (#695).
 * config: The platform-specific sections (`linux`, `solaris`, and
   `windows`) MUST NOT be set unless they match `platform.os` (#673).
 * config: `process.capabilities` is now an object instead of an
   array of strings (#675).
 * config-linux: No longer allow negative values for some resources,
   partially reversing #648 from v1.0.0-rc4 (#704).
 * config-linux: `linux.seccomp.syscalls` entries have `names`
   instead of `name` (#657).
 * runtime: Rename the state `bundlePath` property to `bundle`
   (#674).

 Additions:

 * config: `process.capabilities` is no longer Linux-only (#673).
 * config-linux: `linux.seccomp.syscalls` entries have a new
   `comment` property (#657).
 * config-linux: Add new architectures from libseccomp 2.3.2 (#705)
 * runtime: Add a `creating` state `status` (#507, #694).

 Removals and increased restrictions:

 * runtime: Document hook timing and exit code handling (#532).
 * schema/config-linux: Explicit `null` values are no longer
   compliant (#662).

 Decreased restrictions:

 * config: `type` and `source` properties are now optional for
   `mounts` entries (#699).
 * config: `args` property is now optional for hooks (#685).
 * config-linux: Runtimes no longer need to provide `/proc` and
   other filesystems unless they are explicitly requested in the
   configuration JSON (#666).

 Minor fixes and documentation:

 * spec: Add OCI Runtime Abstract (#691).
 * config: Document the Go `platform` tag (#570).
 * config-linux: Remove local uid/gid mapping limit and punt to the
   kernel (#693).
 * schema: Fix broken `string` and similar `$ref`s (#684).
 * schema: Remove `mounts` from required properties (#696).
 * schema: Remove `major` and `minor` from `linux.devices` entries
   (#688).
 * schema: Check for the required `type`, `hard`, and `soft` in
   `process.rlimits` entries (#696).
 * schema/validate: Gained usage documentation and fixed
   `schemaPath` logic when the argument did not contain `://` (#552).
 * *: Add anchor tags to a number of spec locations (#707).
 * *: Consistent link syntax (#687).
 * *: Minor cleanup and rewording (#697).

Changes with v1.0.0-rc4:
 Additions:

 * config-linux: Allow negative values for some resources (#648)
 * config-linux: Lift no-tweaking namespace restriction (#649)

 Removals and increased restrictions:

 * config: Rlimit types must be unique (#607)
 * config: Forbid empty-string keys in 'annotations' (#645, #654)
 * config-linux: Require runtime errors for pre-existing devices
   (#647)
 * runtime: Only require 'pid' in the state for created/running
   statuses (#664)
 * schema: Add 'consoleSize' and update requirements (#646)
 * schema: Remove string pointers (#656)
 * schema/config-linux: Remove blockIODeviceThrottle and other
   pointers (#545)

 Breaking Go changes:

 * specs-go/config: Remove string pointers (#653)
 * specs-go/config: Make Spec.Hooks a pointer (#427)
 * specs-go/config: Convert some resources from unsigned integers
   to signed integers (#648)

 Minor fixes and documentation:

 * config: Explicitly list 'hooks' as optional and cite POSIX for
   'env' and 'args' (#427)
 * runtime: Replace "process is stopped" with "process exits"
   (#465)
 * schema/config-linux: Add missing kernelTCP (#655)
 * schema/validate: Allow schema identifiers to contain a URL
   scheme (#490)
 * .travis: Fix git-validation commit ranges (#216)
 * *: Add anchor tags to a number of spec locations (#612, #636,
   #637, #638, #639, #640)
 * *: Typo fixes and polishing (#643, #650, #652, #656, #660, #665)

Changes with v1.0.0-rc3:
 Additions:

 * config: Add support for Windows-based containers (#565, #573)
 * config: Add process.consoleSize (#563)
 * config: Explicitly allow unknown extensions and document
   annotations key conventions (#510)
 * config: Define mounts entries for Solaris (#588)

 Removals and increased restrictions:

 * config: Require absolute paths for mount destinations (#609)
 * config-linux: Require absolute path for maskedPaths and
   readonlyPaths (#587)
 * config-linux: Only require /dev/console when process.terminal is
   true. Also require /dev/console to be provided by a bind mount
   (#518)
 * runtime: Require runtimes to generate errors when the container
   specified in config.json cannot be created (#559)

 Breaking Go changes:

 * specs-go/config: Aggressive namespacing (#567)
 * specs-go/config: Remove pointers from LinuxHugepageLimit,
   LinuxInterfacePriority, and LinuxPids properties (#586)
 * specs-go/state: Rename version to ociVersion (#633)

 Minor fixes and documentation:

 * spec: Separate the spec from project scaffolding (#626)
 * README: Define "unspecified", "undefined", and
   "implementation-defined" (#575)
 * config: Clarify absolute and relative values for root.path (#558)
 * config: Clarify ociVersion covering the configuration <->
   runtime API (#523)
 * config-linux: Forbid duplicated namespaces with same `type`
   (#597)
 * glossary: Make objects explicitly unordered and forbid duplicate
   names (#584)
 * specs-go/config: Add platform tags to Rlimits and
   NoNewPrivileges (#564)
 * schema/defs-linux: Use int64 for major/minor types (#610)
 * Makefile: Add support for Go 1.7 (#547)
 * Makefile: Require Go >= 1.6 for golint (#589)
 * Makefile: Use a POSIX-compatible test ('==' -> '=') (#542)
 * implementations: Rename ocitools -> runtime-tools (#585)
 * *: Typo fixes and polishing (#556, #566, #568, #569, #571, #572,
   #574, #595, #596, #599, #600, #601, #603, #605, #608, #613, #617,
   #619, #621, #622, #623, #624, #625, #627, #629)

Changes with v1.0.0-rc2:
 Additions:

 * config-linux: Add new architectures from libseccomp 2.3.0 (#505)
 * schema: Add JSON Schema for state JSON and move schema.json to
   config-schema.json and similar (#481, #498, #519)

 Minor fixes and documentation:

 * Add compliance language for platforms and architectures (#527)
 * Remove "unconditionally compliant" language (#553)
 * bundle: Remove distribution references (#487)
 * runtime: Fix sub-bullet indentation (#495)
 * config: Replace Arch fstab reference with mount(8) (#443)
 * config: Synchronize comments between Markdown and Go (#525)
 * config: Drop v0.x compatibility statement (#488)
 * config-linux: RFC 2119 wording for cgroupsPath (#493)
 * config-linux: Make linux.devices and linux.resources.devices
   optional (#526)
 * config-linux: Extend no-tweak requirement to runtime namespaces (#538)
 * schema: Add hook.timeout (#544)
 * schema: Add missing '"type": "object"' (#528)
 * schema: Run 'make fmt' and remove duplicates (#546, #551)
 * schema/config: Make 'hostname' optional (#491)
 * schema/config-linux: Add linux.resources.devices (#550)
 * specs-go/config: Add Solaris tags to User properties (#496)
 * specs-go/config: Make Linux and Solaris omitempty again (#502)
 * specs-go/config: Make KernelTCP and ClassID omitempty (#531)
 * specs-go/config: Fix "specified" typo for ApparmorProfile (#503)
 * Makefile: Remove code-of-conduct.md and version.md when clean (#541)
 * implementations: Mention cc-oci-runtime (#539)
 * Use filesystem instead of file system (#529)
 * .pullapprove: Add DCO check via PullApprove
 * GOVERNANCE: Add governance and release process docs (#521)
 * README: Change meeting time from 10am to 2pm Pacific (#524)
 * README: Update conference-call phone number (#512, #515)

Changes with v1.0.0-rc1:
 Breaking changes:

 * runtime: Split create and start, #384, #450, #463, #464, #467,
   #468
 * runtime: Remove exec, #388
 * runtime: Environment MUST match the configuration, #397
 * config: Runtime MUST generate errors for unsupported platforms,
   #441
 * config: Windows mount destinations MUST NOT be nested, #437

 Additions:

 * solaris: Added platform-specific configuration, #411, #424, #431,
   #436
 * runtime: Add 'annotations' and 'status' to the state structure,
   #462, #484, #485
 * runtime: State no longer needs to be serialized as JSON, #446
 * runtime-linux: Add /dev symbolic links, #449
 * config: Allow absolute paths for root.path (which previously
   required relative paths), #394
 * config-linux: Add linux.mountLabel, #393
 * config-linux: Add support for cgroup namespace, #397
 * config-linux: Runtime SHOULD NOT modify ownership of any
   referenced filesystem (previously the restriction only applied to
   the root filesystem), #452
 * specs-go/seccomp: Add ppc and s390x to specs-go/config.go, #475

 Minor fixes and documentation:

 * README: Add project.md to the Table of Contents, #376
 * README: Consistently indent the Table of Contents, #400
 * README: Link to LICENSE, #442
 * README: Weekly call is OCI-wide, #378
 * config: Explicit runtime namespace for hooks, #415
 * config: Explicit container namespace for uid, gid, and
   additionalGids, #412
 * config: Fix 'string' -> 'array of strings' typo for process.args,
   #416
 * runtime: The runtime MAY validate config.json, #418
 * runtime: Move errors section out of operations, #445
 * runtime: MAY -> SHOULD for post-stop error logging, #410
 * schema/README: Document JSON Schema usage, #360, #385
 * schema: Minor description updates, #456, #461
 * schema/validate: Support reading documents via stdin, #482
 * .pullapprove: Automate review approval, #458, #474
 * .gitignore: Hide more auto-generated files, #386, #392
 * .travis: git-validation detects Travis now, #366
 * .travis: Regress on failure to produce docs, #479
 * Makefile: Filename docs.* -> oci-runtime-spec.*, #478
 * Makefile: Add install.tools target, #349
 * Makefile: Allow native pandoc implementations, #428, #448
 * Makefile: Prefer Bash, #455
 * Makefile: Travis support for .gitvalidation, #422
 * specs-go/config: Add missing omitempties for Process.Terminal,
   Root.Readonly, Spec.Linux, and Spec.Mounts, #408, #429, #430, #431
 * specs-go/config: Remove incorrect omitempties for User.UID and
   User.GID, #425
 * specs-go/config: Drop platform-independent comment, #451
 * version: Include version in generated documentation, #406
 * *: Anchor examples, #348
 * *: Fix remnants from SelinuxProcessLabel to SelinuxLabel rename,
   #396
 * *: Outsource code-of-conduct to TOB repository, #375, #413
 * *: RFC 2119 consistency, #407, #409, #438, #444, #449
 * *: Typo fixes, #390, #401
 * *: Whitespace fixes and validation, #380, #381, #426
 * ROADMAP: Remove stale targets, #435

Changes with v0.5.0:
 Breaking changes:

 * specs-go: Renamed the repository from opencontainers/specs to
   opencontainers/runtime-spec, #365

 Additions:

 * config: Add 'timeout' for hooks, #346
 * config-linux: Add 'maskedPaths' and 'readonlyPaths', #364

 Minor fixes and documentation:

 * JSON Schema bug-fixes and improved examples, #370
 * README: Define "unconditionally compliant", #374
 * config: Make Markdown canonical, #342
 * config: Explicitly list mapping from symbolic names to UID/GIDs as
   out-of-scope, #347
 * config-linux: Require the runtime mount namespace for namespace
   'path' values, #275
 * config-linux: Reword kernelTCP docs, #377
 * specs-go: Add omitempty to 'Device' and 'Namespace', #340
 * .travis.yml: Use built-in 'go vet' and current 'go lint', dropping
   Go < 1.5, #372, #352
 * implementations: Expand ocitools scope to include testing, #328
 * style: Move one-sentence-per-line rule from the README, #369
 * style: Remove dangling parenthesis, #359
 * README: Add a link to the IRC logs, #358
 * Fix "manadate", "exmaple", "paramters", and "preferrably" typos,
   #353, #354

Changes with v0.4.0:
 Breaking changes:

 * config: Move capabilities, selinuxProcessLabel, apparmorProfile,
   and noNewPrivileges from the linux setting to the process setting
   and make them optional, renaming selinuxProcessLabel to
   selinuxLabel, #329, #330, #339
 * runtime: Rename version to ociVersion in the state JSON, #225
 * runtime: Remove the directory requirement for storing state, now
   that there is a 'state' operation, #225, #334
 * go: Shift *.go to specs-go/*.go, #276
 * config: Move rlimits to process, #341
 * go: Move config_linux.go content into config.go, removing
   LinuxSpec, #310

 Additions:

 * schema: Add JSON Schema (and validator) for `config.json`, #313
 * config: Add annotations for opaque-to-the-runtime data, #331
 * config-linux: Make seccomp optional, #333
 * runtime: Added additional operations: state, stop, and exec.
   #225

 Minor fixes and documentation:

 * config-linux: Change mount type from *rune to *string and fix
   octal fileMode examples, #323
 * runtime: RFC 2119 phrasing for the lifecycle, #225
 * README: Add a full example of config.json, #276
 * README: Replace BlueJeans with UberConference, #326, #338
 * style: Document Go-pointer exceptions, #317

Changes with v0.3.0:
 Breaking changes:

 * config: Single, unified config file, #284
 * config: cwd is a required default, and must be absolute, #286,
   #307, #308, #312
 * config: qualify the name of the version field, #309
 * config-linux: Convert classID from hex to uint32, #296
 * config-linux: Separate mknod from cgroups, #298

 Additions:

 * config-linux: Add NoNewPrivileges setting for linux, #290

 Minor fixes and documentation:

 * config-linux: clarify oom_score_adj, #236, #292
 * config-linux: Update links to cgroups documentation, #318
 * config-linux: Remove pointers for slices preferring omitempty
   tag instead, #316
 * README: add runtime, bundle, and hook author user, #280
 * ROADMAP: reshuffled and split into GitHub issues, #300, #301,
   #304, #306
 * style: Collect established styles in a discoverable location, #287, #311

Changes with v0.2.0:
 * Add Apparmor, Selinux and Seccomp
 * Add Apparmor, Selinux and Seccomp sections
 * Add bind mount example
 * Add fd section for linux container process
 * Add Go types for specification
 * *: adding a code of conduct
 * Adding cgroups path to the Spec.
 * .: Adding listing of implementations
 * .: adding travis file for future CI
 * Add license and DCO information for contributions
 * Add linux spec description
 * Add MAINTAINERS file
 * Add memory swappiness to linux spec
 * Add runtime state configuration and structs
 * Adds a section for user namespace mappings
 * Adds link to kernel cgroups documentation
 * Adds section for Linux Rlimits
 * Adds section for Linux Sysctl.
 * Adds user namespace to the list of namespaces
 * bundle: add initial run use case
 * bundle: Fix 'and any number of and other related' typo
 * bundle.md: clarify arbitrary/conventional dirnames
 * bundle.md: fix link formatting
 * bundle.md: fix off-by-one error
 * bundle.md: various updates to latest spec
 * bundle: Move 'Linux sysctl' header to its own line
 * Change commiter to committer
 * Change Device field order in spec_linux.go, 'Path' should be top of the 'Type' field, according to the different of the config-linux.md, 'Path' field is the unique key.
 * Change layout of mountpoints and mounts
 * Change the rlimit type to string instead of int
 * Clarify behavior around namespaces paths.
 * config: Add example additionalGids
 * config: Add example cwd
 * config: cleanup language on readonly parameter
 * config: fix links to go files
 * config-linux: specify the default devices/filesystems available
 * config.md: clarify destination for mounts
 * config.md: make the version a semver
 * config.md: make the version field example a semver
 * config.md: minor clean up of process specification
 * config.md: reformat into a standard style
 * config.md: update links to spec schema code
 * config.md: various cleanup/consistency fixes
 * config: minor cleanup
 * Deduplicate the field of RootfsPropagation
 * Define constants for Linux Namespace names
 * Fix LinuxRuntime field
 * Fix root object keys
 * Fix typos in config.md
 * Fix typos in the "Namespace types" section
 * Fix typos in the rlimits section
 * Fix Windows path escaping in example mount JSON
 * JSON objects are easier to parse/manipulate
 * made repo public. Added warning in README
 * Make namespaces match runc
 * make rootfs mount propagation mode settable
 * Makes namespaces description linux specific
 * *.md: markdown formatting
 * Modify the capabilities constants to match header files like other constants
 * Move linux specific options to linux spec
 * README: add a rule for paragraph formatting in markdown
 * README: Document BlueJeans and wiki archive for meetings
 * README: Document pre-meeting agenda alteration
 * README: Document YouTube and IRC backchannel for meetings
 * README: Focus on local runtime (create/start/stop)
 * README.md: Add a git commit style guide
 * README.md: contribution about discussion
 * README: releases section
 * README: Remove blank line from infrastructure-agnostic paragraph
 * removed boilerplate file
 * *: remove superfluous comma in code-of-conduct
 * Remove trailing whitespace
 * Rename SystemProperties to Sysctl
 * Rename the header "Access to devices" to "Devices" to fit with the config
 * *: re-org the spec
 * Replace Linux.Device with more specific config
 * restore formatting
 * Return golang compliant names for UID and GID in User
 * Return golint-compliant naming for mappings
 * runtime: Add prestart/poststop hooks
 * runtime_config: comments for golint
 * runtime-config-linux: Drop 'Linux' from headers
 * runtime_config_linux: Fix 'LinuxSpec' -> 'LinuxRuntimeSpec' in comment
 * runtime-config-linux: One sentence per line for opening two paragraphs
 * runtime-config: Remove blank lines from the end of files
 * runtime-config: Remove 'destination' docs from mounts
 * runtime.md: convert oc to runc
 * runtime: use opencontainer vs oci
 * *: small spelling fixes
 * Specific platform specific user struct for spec
 * spec: linux: add support for the PIDs cgroup
 * spec_linux: conform to `golint`
 * spec_linux.go: Rename IDMapping fields to follow syscall.SysProcIDMap
749 * spec_linux: remove ending periods on one-line comments
750 * spec: rename ocp to oci and add a link
751 * specs: add json notation
752 * specs: align the ascii graph
753 * specs: fix the description for the [ug]idMappings
754 * specs: introduce the concept of a runtime.json
755 * .tools: cleanup the commit entry
756 * .tools: repo validation tool
757 * travis: fix DCO validation for merges
758 * typo: containers -> container's
759 * typo: the -> for
760 * Update config-linux for better formatting on values
761 * Update README.md
762 * Update readme with weekly call and mailing list
763 * Update runtime.md
764 * Update runtime.md
765 * Update runtime.md
766 * version: more explicit version for comparison
767
768Changes with v0.1.0:
769 * Add Architecture field to Seccomp configuration in Linux runtime
770 * Add @hqhq as maintainer
771 * Add hyphen for host specific
772 * Adding Vishnu Kannan as a Maintainer.
773 * Add initial roadmap
774 * Add lifecycle for containers
775 * Add oom_score_adj to the runtime Spec.
776 * Add post-start hooks
777 * Add Seccomp constants to description of Linux runtime spec
778 * Add Seccomp constants to Linux runtime config
779 * Add some clarity around the state.json file
780 * adds text describing the upper-case keywords used in the spec
781 * add testing framework to ROADMAP
782 * Appropriately mark optional fields as omitempty
783 * cgroup: Add support for memory.kmem.tcp.limit_in_bytes
784 * Change HugepageLimit.Limit type to uint64
785 * Change the behavior when cgroupsPath is absent
786 * Change version from 0.1.0 to 0.2.0
787 * Clarify the semantics of hook elements
788 * Cleanup bundle.md
789 * Cleanup principles
790 * config: linux: update description of PidsLimit
791 * config: Require a new UTS namespace for config.json's hostname
792 * config: Require the runtime to mount Spec.Mounts in order
793 * convert **name** to **`name`**
794 * Example lists "root' but text mentions "bundlePath"
795 * Fix an extra space in VersionMinor
796 * Fix golint warnings
797 * Fix typo in BlockIO struct comment
798 * Fix typo in Filesystem Bundle
799 * Fix value of swappiness
800 * glossary: Provide a quick overview of important terms
801 * glossary: Specify UTF-8 for all our JSON
802 * hooks: deduplicate the hooks docs
803 * implementations: Link to kunalkushwaha/octool
804 * implementations: Link to mrunalp/ocitools
805 * lifecycle: Don't require /run/opencontainer/<runtime>/containers
806 * lifecycle: Mention runtime.json
807 * lifecycle: no hypens
808 * MAINTAINERS: add tianon per the charter
809 * MAINTAINERS: correct Vish's github account
810 * Makefile: Add glossary to DOC_FILES
811 * Make optional Cgroup related config params pointers along with `omitempty` json tag.
812 * Mark RootfsPropagation as omitempty
813 * *.md: update TOC and links
814 * move the description of Rlimits before example
815 * move the description of user ns mapping to proper file
816 * principles: Give principles their own home
817 * *: printable documents
818 * Project: document release process
819 * README: Fix some headers
820 * README: make header more concise
821 * remove blank char from blank line
822 * Remove the unneeded build tag from the config_linux.go
823 * Remove trailing comma in hooks json example
824 * Rename State's Root to Bundle
825 * ROADMAP.md: remove the tail spaces
826 * roadmap: update links and add wiki reference
827 * runtime: Add 'version' to the state.json example
828 * runtime-config: add example label before json example
829 * runtime-config: add section about Hooks
830 * runtime: config: linux: add cgroups information
831 * runtime: config: linux: Edit BlockIO struct
832 * runtime: config: linux: Fix typo and trailing commas in json example
833 * runtime_config_linux.go: add missing pointer
834 * runtime-config-linux.md: fix the type of cpus and mems
835 * runtime.md: fix spacing
836 * Talk about host specific/independent instead of mutability
837 * .tools: commit validator is a separate project
838 * .tools: make GetFetchHeadCommit do what it says
839 * .travis.yml: add go 1.5.1, update from 1.4.2 to 1.4.3
840 * Update readme with wiki link to minutes
841 * Update Typo in ROADMAP.md
842 * Use unsigned for IDs
843 * version: introduce a string for dev indication