Skip to content

Commit

Permalink
runtime.md: Require 'create' to fail if config.json asks for the impo…
Browse files Browse the repository at this point in the history
…ssible

We don't want to silently ignore settings that we understand but
cannot implement [1] (we *do* want to ignore settings that we don't
understand [2], but that's a separate issue).

This raises a slightly sticky certification issue.  If a runtime
*always* exits 'create' with an error:

  func create() err {
    return fmt.Errorf("nope, I cannot create that container either.")
  }

it would be neither complaint nor non-compliant.  It would not fail
any MUSTs, but availing itself of the "cannot create the maintainer"
option specified in this commit would mean the test suite could not
test the deeper requirements around the config properties themselves.

So with this change, making Microsoft certifiable will still need an
explicit weakening around root.path.  The easiest way to do that might
be to have separate annotations for whether a setting is optional for
config authors and whether it's optional for runtime authors
(supported):

  * **`readonly`** (bool, config:optional, support:optional) ...

But I'll leave hashing that out to a later commit.  Regardless of the
certification impact, we want to be clear that silently ignoring known
parameters is wrong.

[1]: https://github.com/opencontainers/runtime-spec/pull/476/files/9b8e21826cc9887f51f095604120cfbb788078b2#r65400731
     Subject: [ Config | Root Config ] Clarify readonly
[2]: opencontainers#510
     Subject: Add text about extensions

Signed-off-by: W. Trevor King <[email protected]>
  • Loading branch information
wking committed Sep 8, 2016
1 parent 7a36e7e commit 10b731e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions runtime.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ This operation MUST generate an error if it is not provided a path to the bundle
If the ID provided is not unique across all containers within the scope of the runtime, or is not valid in any other way, the implementation MUST generate an error and a new container MUST not be created.
Using the data in [`config.json`](config.md), this operation MUST create a new container.
This means that all of the resources associated with the container MUST be created, however, the user-specified code MUST NOT be run at this time.
If the runtime cannot create the container as specified in `config.md`, it MUST generate an error and a new container MUST not be created.

Upon successful completion of this operation the `status` property of this container MUST be `created`.

Expand Down

0 comments on commit 10b731e

Please sign in to comment.