add domainname spec entity #1156
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cdoern
requested review from
crosbymichael,
cyphar,
dqminh,
giuseppe,
hqhq,
mrunalp,
tianon and
vbatts
as code owners
|
@giuseppe PTAL |
flouthoc
suggested changes
Aug 8, 2022
There was a problem hiding this comment.
I think this should also update the config schema
diff --git a/schema/config-schema.json b/schema/config-schema.json
index a4d1274..cf66c65 100644
--- a/schema/config-schema.json
+++ b/schema/config-schema.json
@@ -35,6 +35,9 @@
"hostname": {
"type": "string"
},
+ "domainname": {
+ "type": "string"
+ },
"mounts": {
"type": "array",
"items": {
|
Nit:
I think in commit message following must be extended to specify how a |
|
as @flouthoc pointed out, please update the config schema as well |
I think using setdomainname makes the most sense. Currently crun uses sethostname for the hostname. |
add the domainname entity so that container runtimes can add special handling similar to hostname. The current workaround of adding a sysctl for kernel.domainname only works with rootful execution in most cases. This will allow for rootless execution. container runtimes will be able to add special handling as they do for hostname, using setdomainname to add the entry to /proc/sys/kernel/domainname. Signed-off-by: Charlie Doern <[email protected]>
AkihiroSuda
approved these changes
Aug 10, 2022
|
What should happen if the sysctl is also specified but with a different value? Should it fail? |
|
@AkihiroSuda Afaik In crun i think sysctl is not allowed at all if OCI spec already has a knob to configure it, for instance i can see for |
|
@opencontainers/runtime-spec-maintainers Can we merge this? |
vbatts
approved these changes
Aug 25, 2022
utam0k
added a commit
to utam0k/oci-spec-rs
that referenced
this pull request
Aug 28, 2022
utam0k
added a commit
to utam0k/oci-spec-rs
that referenced
this pull request
Aug 28, 2022
utam0k
added a commit
to utam0k/oci-spec-rs
that referenced
this pull request
Aug 28, 2022
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/kata-containers
that referenced
this pull request
Sep 5, 2022
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/runc
that referenced
this pull request
Sep 11, 2022
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/kata-containers
that referenced
this pull request
Sep 12, 2022
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/runc
that referenced
this pull request
Sep 23, 2022
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]> Implement to set a domain name Signed-off-by: utam0k <[email protected]>
2 tasks
flouthoc
added a commit
to flouthoc/crun
that referenced
this pull request
Oct 1, 2022
Setting sysctl `kernel.domainname` directly by user is not environment agnostic, it shows either incorrect ( on non-working ) behaviour in `rootless` environment. It was decided to make this part of `runtime-spec` so the OCI runtime can itself handle this behaviour correctly. As a result a new field `domainname` was added to `runtime-spec`. Since crun already implementes this field therefore `sysctl` configured by user conflicts with the behaviour expected by the OCI runtime. Runtime-spec PR: opencontainers/runtime-spec#1156 Furthermore a similar `sysctl` `kernal.hostname` is blocked by crun explicitly to prevent this conflicting behaviour. https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3203 Signed-off-by: Aditya R <[email protected]>
flouthoc
added a commit
to flouthoc/crun
that referenced
this pull request
Oct 3, 2022
Setting sysctl `kernel.domainname` directly by user is not environment agnostic, it shows either incorrect ( on non-working ) behaviour in `rootless` environment. It was decided to make this part of `runtime-spec` so the OCI runtime can itself handle this behaviour correctly. As a result a new field `domainname` was added to `runtime-spec`. Since crun already implementes this field therefore `sysctl` configured by user conflicts with the behaviour expected by the OCI runtime. Runtime-spec PR: opencontainers/runtime-spec#1156 Furthermore a similar `sysctl` `kernal.hostname` is blocked by crun explicitly to prevent this conflicting behaviour. https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3203 Following commit ensures that crun rejects sysctl `kernel.domainname` when OCI field `domainname` is already set. Signed-off-by: Aditya R <[email protected]>
flouthoc
added a commit
to flouthoc/crun
that referenced
this pull request
Oct 3, 2022
Setting sysctl `kernel.domainname` directly by user is not environment agnostic, it shows either incorrect ( on non-working ) behaviour in `rootless` environment. It was decided to make this part of `runtime-spec` so the OCI runtime can itself handle this behaviour correctly. As a result a new field `domainname` was added to `runtime-spec`. Since crun already implementes this field therefore `sysctl` configured by user conflicts with the behaviour expected by the OCI runtime. Runtime-spec PR: opencontainers/runtime-spec#1156 Furthermore a similar `sysctl` `kernal.hostname` is blocked by crun explicitly to prevent this conflicting behaviour. https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3203 Following commit ensures that crun rejects sysctl `kernel.domainname` when OCI field `domainname` is already set. Signed-off-by: Aditya R <[email protected]>
flouthoc
added a commit
to flouthoc/crun
that referenced
this pull request
Oct 3, 2022
Setting sysctl `kernel.domainname` directly by user is not environment agnostic, it shows either incorrect ( on non-working ) behaviour in `rootless` environment. It was decided to make this part of `runtime-spec` so the OCI runtime can itself handle this behaviour correctly. As a result a new field `domainname` was added to `runtime-spec`. Since crun already implementes this field therefore `sysctl` configured by user conflicts with the behaviour expected by the OCI runtime. Runtime-spec PR: opencontainers/runtime-spec#1156 Furthermore a similar `sysctl` `kernal.hostname` is blocked by crun explicitly to prevent this conflicting behaviour. https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3203 Following commit ensures that crun rejects sysctl `kernel.domainname` when OCI field `domainname` is already set. Signed-off-by: Aditya R <[email protected]>
flouthoc
added a commit
to flouthoc/crun
that referenced
this pull request
Oct 3, 2022
Setting sysctl `kernel.domainname` directly by user is not environment agnostic, it shows either incorrect ( on non-working ) behaviour in `rootless` environment. It was decided to make this part of `runtime-spec` so the OCI runtime can itself handle this behaviour correctly. As a result a new field `domainname` was added to `runtime-spec`. Since crun already implementes this field therefore `sysctl` configured by user conflicts with the behaviour expected by the OCI runtime. Runtime-spec PR: opencontainers/runtime-spec#1156 Furthermore a similar `sysctl` `kernal.hostname` is blocked by crun explicitly to prevent this conflicting behaviour. https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3203 Following commit ensures that crun rejects sysctl `kernel.domainname` when OCI field `domainname` is already set. Signed-off-by: Aditya R <[email protected]>
flouthoc
added a commit
to flouthoc/crun
that referenced
this pull request
Oct 3, 2022
Setting sysctl `kernel.domainname` directly by user is not environment agnostic, it shows either incorrect ( on non-working ) behaviour in `rootless` environment. It was decided to make this part of `runtime-spec` so the OCI runtime can itself handle this behaviour correctly. As a result a new field `domainname` was added to `runtime-spec`. Since crun already implementes this field therefore `sysctl` configured by user conflicts with the behaviour expected by the OCI runtime. Runtime-spec PR: opencontainers/runtime-spec#1156 Furthermore a similar `sysctl` `kernal.hostname` is blocked by crun explicitly to prevent this conflicting behaviour. https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3203 Following commit ensures that crun rejects sysctl `kernel.domainname` when OCI field `domainname` is already set. Signed-off-by: Aditya R <[email protected]>
utam0k
added a commit
to utam0k/runc
that referenced
this pull request
Oct 4, 2022
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
This was referenced Jan 24, 2023
Merged
Closed
utam0k
added a commit
to utam0k/runc
that referenced
this pull request
Feb 1, 2023
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/runc
that referenced
this pull request
Feb 14, 2023
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
utam0k
added a commit
to utam0k/runc
that referenced
this pull request
Apr 12, 2023
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
dims
pushed a commit
to dims/libcontainer
that referenced
this pull request
Oct 19, 2024
opencontainers/runtime-spec#1156 Signed-off-by: utam0k <[email protected]>
This was referenced Jan 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
add the domainname entity so that container runtimes can add special handling similar to hostname. The current workaround of adding a sysctl for kernel.domainname only works with rootful execution in most cases. This will allow for rootless execution.
container runtimes will be able to add special handling as they do for hostname, using setdomainname to add the entry to /proc/sys/kernel/domainname.
Signed-off-by: Charlie Doern [email protected]