config: Bump Hyper-V condition from root.path to root itself #838
Conversation
| @@ -11,7 +11,7 @@ type Spec struct { | |||
| // Process configures the container process. | |||
| Process *Process `json:"process,omitempty"` | |||
| // Root configures the container's root filesystem. | |||
| Root Root `json:"root"` | |||
| Root *Root `json:"root,omitempty"` | |||
There was a problem hiding this comment.
This may fall under the no-pointers-if-required-on-any-platform policy that @mrunalp was going to document. If so, I can drop the pointer (and omitempty?), but it would be nice to get that policy documented.
There was a problem hiding this comment.
Does it make sense to have a pointer-required-if-field-must-not-be-set-on-a-platform policy instead?
In this case: keep *Root and omitempty because it MUST NOT be set for Hyper-V containers
There was a problem hiding this comment.
Does it make sense to have a pointer-required-if-field-must-not-be-set-on-a-platform policy instead?
We already have some policy wording for pointers, but they focus on input requirements. I think we also want to consider output requirements with Go's default JSON serializer, and would recommend:
Use
omitemptyon properties which MAY be unset for a platform that uses the parent type. Ofomitemptyproperties, use pointers if the Go zero value is legal (so we can serialize"uid": 0and such) or if the property is a Go type (to work around golang/go#11939).
as a new hole we'd want to poke in the current no-pointer preference. That would mean that we'd want omitempty here (because root MUST NOT be set for Hyper-V containers, which passes “MAY be unset for a platform that uses the parent type”) and we'd want a pointer here (because property is a Go type). However, it would also mean we'd want omitempty for User.UID and User.GID (because they MAY be unset on Windows, and Windows uses User too for User.Username) and we'd want pointers for them (because 0 is a valid ID), and those changes were rejected in #759. So instead of proposing a pointer policy, I'm just trying to flag changes that may be impacted by the maintainers' apparent policy and waiting for them to us how they want that case handled.
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
c652c06
to
de31fae
Compare
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
de31fae
to
b9b8a51
Compare
|
Rebased around #849 with de31fae → b9b8a51. Now instead of just making the requirement clearner I'm also addressing inconsistencies that we'd missed when reviewing #849 (e.g. the |
|
Also, if we want the condition-shift to land before 2.0, it
needs to land by 1.0 unless we preview Windows [1], because before
this commit Hyper-V containers MUST set ‘"root": {}’ and after it they
MUST NOT set ‘root’. My impression is that the preview is unlikely to
happen, and I think this PR makes the Windows experience more
straightforward, so I recommend putting this PR in the 1.0 freeze
milestone [2].
Ping @jhowardmsft, @darrenstahlmsft, @sunjayBhatia, and other Windows
folks in case they want to weigh in.
[1]: #817 (comment)
[2]: https://github.com/opencontainers/runtime-spec/milestone/15
|
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
b9b8a51
to
8a3b20b
Compare
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
8a3b20b
to
c80f4a2
Compare
|
@jhowardmsft Please review this one |
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
c80f4a2
to
dfe9cb9
Compare
|
LGTM (not a maintainer) |
config.md
Outdated
|
|
||
| * On Windows, `path` MUST be a [volume GUID path][naming-a-volume]. | ||
|
|
||
| * On Linux and Solaris, `path` is either an absolute path or a relative path to the bundle. |
There was a problem hiding this comment.
Can you remove the linux && solaris here like we discussed in the call
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
dfe9cb9
to
de14115
Compare
As requested by Michael [1], this reduces the number of changes required if BSD or some such is added to the config. This change leaves a bit of a gap between the platforms listed in spec.md, since readers have to figure out on their own that the POSIX properties apply to the linux and solaris platforms (and potentially other future platforms). But Michael felt like it's ok to leave that gap, at least for now [2]. [1]: opencontainers#838 (comment) [2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2017/opencontainers.2017-06-01-17.41.log.html#l-60 Signed-off-by: W. Trevor King <wking@tremily.us>
Don't require users targetting Hyper-V to set an empty object ("root":
{}). This also avoids confusion about whether you can set
root.readonly without setting root.path (you can't).
Move the relative, absolute, and rootfs bits into a POSIX paragraph,
because they don't apply to Windows where the value MUST be a volume
GUID path (since 2283e63, Windows: Remove Sandbox, additional tweaks,
2017-05-23, opencontainers#849).
We don't need the "for Windows Server containers" condition on volume
GUID paths, because with this commit that condition is already applied
at the 'root' level and the Hyper-V case has already been handled
there.
Signed-off-by: W. Trevor King <wking@tremily.us>
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
de14115
to
589d2eb
Compare
As requested by Michael [1], this reduces the number of changes required if BSD or some such is added to the config. This change leaves a bit of a gap between the platforms listed in spec.md, since readers have to figure out on their own that the POSIX properties apply to the linux and solaris platforms (and potentially other future platforms). But Michael felt like it's ok to leave that gap, at least for now [2]. [1]: opencontainers#838 (comment) [2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2017/opencontainers.2017-06-01-17.41.log.html#l-60 Signed-off-by: W. Trevor King <wking@tremily.us>
config.md
Outdated
|
|
||
| * On Windows, `path` MUST be a [volume GUID path][naming-a-volume]. | ||
|
|
||
| * On POSIX, `path` is either an absolute path or a relative path to the bundle. |
There was a problem hiding this comment.
"On POSIX" doesn't make any sense -- POSIX isn't a platform, it's a specification, and it's one that Windows is compliant with in many cases.
I'd perfer to see this say either "On Unix" or "On Unix-like platforms".
There was a problem hiding this comment.
See also #835 (comment) (from @crosbymichael).
There was a problem hiding this comment.
"On POSIX" doesn't make any sense -- POSIX isn't a platform, it's a specification, and it's one that Windows is compliant with in many cases.
I've changed “On POSIX” to “On POSIX platforms” in 589d2eb → 767eeaf.
I'd perfer to see this say either "On Unix" or "On Unix-like platforms".
What is the gap between “Unix-like platforms” and “POSIX platforms”? “Unix-like platforms” seems too vague for a spec, and if we want a name for non-Windows that is distinct from POSIX, I think we need to define that name when we define our compliance tracks. I'd suggested that on the 1st, but @crosbymichael prefered to punt on that for now.
Looking at the properties I'm associating with POSIX here:
- For
root.path, POSIX platforms clearly do not include Windows, because POSIX paths are slash-separated. mounts[].typeis less clearly POSIX-specific (or even Unix-like-specific), since POSIX defines neithermount(8)normount(2). However, it's also unclear to me why Windows only supports volume GUID paths. Is that a limitation of the Windows platform, or just a limitation of the current Windows runtime?process.user.uidand friends are POSIX-platform-specific, since numeric user and group IDs are defined by POSIX. I'm not aware of numeric user/group IDs on Windows, but if it does support them, I'd expect Windows runtimes to supportprocess.user.uid, etc. as well.hooksis less clearly POSIX-specific (or even Unix-like-specific), since these seem easy to implement regardless of your platform. I suspect this is a limitation of the current Windows runtime, and not a limitation of the Windows platform, so tying it to POSIX platforms seems no worse than tying it to Unix-like platforms. Maybe we want to leave this one as an explicit “Linux and Solaris Hooks” or “Hooks (not Windows)” or some such?
As requested by Michael [1], this reduces the number of changes required if BSD or some such is added to the config. This change leaves a bit of a gap between the platforms listed in spec.md, since readers have to figure out on their own that the POSIX properties apply to the linux and solaris platforms (and potentially other future platforms). But Michael felt like it's ok to leave that gap, at least for now [2]. I've used "On POSIX platforms" and similar (instead of "On POSIX") because, as Tianon points out [3], there is some space between POSIX-the-spec and platforms which implement it. [1]: opencontainers#838 (comment) [2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2017/opencontainers.2017-06-01-17.41.log.html#l-60 [3]: opencontainers#838 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
wking
force-pushed
the
bump-path-requirement-to-root
branch
from
589d2eb
to
767eeaf
Compare
|
LGTM |
|
ping @tianon |
|
|
||
| * On Windows, `path` MUST be a [volume GUID path][naming-a-volume]. | ||
|
|
||
| * On POSIX platforms, `path` is either an absolute path or a relative path to the bundle. |
There was a problem hiding this comment.
I think POSIX here is also not suitable as in #835
|
(@tianon is on vacation ✨ ) LGTM |
|
Generally LGTM, although I still have a big eyebrow-raising at our use of POSIX to mean "non-Windows platforms". |
Through f4d221c (Merge pull request opencontainers#880 from dqminh/wking-linux-only-capabilities-again, 2017-07-05). The rc6 release picked up an earlier version of these notes, and those entries are mostly unchanged except for: * The credentialSpec entry, which was opencontainers#814 for credentialspec and now also includes opencontainers#859 for credentialSpec. * The root(.path) Hyper-V entry, which was opencontainers#820 for root.path and now also includes opencontainers#838 for root. I also moved this into the "breaking changes" section, because rc5 Hyper-V configs required root to be set, and rc6 Hyper-V configs require it to not be set. Although whether rc5 allowed Hyper-V configs at all is not clear to me. * Fixed indenting for the typo-fixes entry, as well as a number of more recent typo-fix PRs. Signed-off-by: W. Trevor King <wking@tremily.us>
Through f4d221c (Merge pull request opencontainers#880 from dqminh/wking-linux-only-capabilities-again, 2017-07-05). The rc6 release picked up an earlier version of these notes, and those entries are mostly unchanged except for: * The credentialSpec entry, which was opencontainers#814 for credentialspec and now also includes opencontainers#859 for credentialSpec. * The root(.path) Hyper-V entry, which was opencontainers#820 for root.path and now also includes opencontainers#838 for root. I also moved this into the "breaking changes" section, because rc5 Hyper-V configs required root to be set, and rc6 Hyper-V configs require it to not be set. Although whether rc5 allowed Hyper-V configs at all is not clear to me. * Fixed indenting for the typo-fixes entry, as well as a number of more recent typo-fix PRs. Signed-off-by: W. Trevor King <wking@tremily.us>
I'd broken this in 2022e3e (config: Bump Hyper-V condition from root.path to root itself, 2017-05-18, opencontainers#838), where I'd misread the initial bolding ** as a list bullet or something. The extra indents don't cause a problem for the first paragraph, but they cause the "On all other platforms..." paragraph to be interpreted as a <pre> block. Signed-off-by: W. Trevor King <wking@tremily.us>
Don't require users targetting Hyper-V to set an empty object (
"root": {}). This also avoids confusion about whether you can setroot.readonlywithout settingroot.path(you can't).Following #820.