18:03:52 #startmeeting 2016-01-06 discussion
18:03:52 Meeting started Wed Jan 6 18:03:52 2016 UTC. The chair is wking. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:03:52 Useful Commands: #action #agreed #help #info #idea #link #topic.
18:03:52 The meeting name has been set to '2016_01_06_discussion'
18:04:03 #chair crosbymichael mrunalp vbatts|work RobDolinMS
18:04:03 Current chairs: RobDolinMS crosbymichael mrunalp vbatts|work wking
18:04:23 http://wking.github.io/nmbug-oci/
18:04:46 #info We'll start with existing issues and then discuss planning
18:04:50 #topic Feedback on --state
18:06:00 Doug: Is this getting us away from a notion of an OCI file sharing state in the filesystem in a shared location
18:06:00 #link https://groups.google.com/a/opencontainers.org/forum/#!searchin/dev/state/dev/q6TYqVZOcX8/W1RVyCXCCQAJ
18:06:18 #link https://github.com/wking/oci-command-line-api/pull/14
18:06:22 Mrunal: Unpriv'd containers can't necessarily write to file system b/c won't have permissions
18:06:58 Mrunal: Suggest we touch on this next week (at F2F)
18:07:06 Michael: What happens when you don't pass this flag?
18:07:14 Trevor: If you don't pass, the file doesn't get written
18:07:42 +1 I’d prefer: runc --id xxx state
18:07:44 Mrunal: I had a different understanding
18:08:02 can people mute
18:08:13 Trevor: should we continue discussion on list?
18:08:19 vbatts?
18:08:33 duglin: gracious
18:08:44 to be continued on the list, since we're not all on the same page
18:08:59 Crosby: maybe we just say we don't have the directory in the spec so store it where you want.
18:09:06 duglin: concerned about lack of interop in the absence of a global directory
18:09:17 Doug: It seems like this would be mandating a CLI
18:09:24 duglin: is personally ok with this, but not sure everyone is onboard
18:09:40 Mrunal: Not suggesting we remove state, just change requirement of where to store it.
18:10:08 Trevor: This just gives the option to get out of global directory
18:11:01 prefer the requirement be that the location be configurable
18:11:09 Trevor: There is a summary of benefits in the email to list and PR
18:11:23 https://github.com/opencontainers/runc/blob/master/main.go#L60
18:11:26 Trevor: Will add example of unprivileged user if not added.
18:11:31 #action wking to check for a concrete example of an unprivileged user and add one if missing
18:11:41 Thanks Trevor :)
18:13:43 #topic separating device cgroups and mknod
18:14:19 #link https://groups.google.com/a/opencontainers.org/forum/#!searchin/dev/mknod/dev/y_Fsa2_jJaM/SydzptqPBQAJ
18:15:11 mrunalp so you can specify devices you want to create without messing with cgroups, which is useful for unprivileged containers
18:15:30 Crosby: How does this help nested containers?
18:15:31 crosbymichael how does it help nested containers?
18:15:51 mrunalp there's no current way to opt out of cgroup device changes
18:15:53 Mrunal: Having this in the old place requires specifying
18:16:51 wking: This simplifies logic and reduces complexity
18:17:29 this separation also makes it easy to distinguish between join and join-and-modify cgroups, because you don't have to parse a unified mknod/cgroups to decide if it makes group changes
18:17:47 #link http://github.com/opencontainers/specs/pull/99
18:17:55 ^ previous pull request in this direction
18:18:17 crosbymichael: concerned that if we go too low level, the OCI isn't very useful
18:19:21 #action rebase #99 and re-submit
18:19:28 #action wking rebase #99 and re-submit
18:19:37 #action mrunalp will post with an example of why this is useful
18:19:46 #action single, unified config file
18:19:51 #topic single, unified config file
18:20:13 #link https://groups.google.com/a/opencontainers.org/forum/#!searchin/dev/unified$20config$20file/dev/0QbyJDM9fWY/VP-tGxG_DgAJ
18:20:22 crosbymichael: doesn't care, but stop waffling
18:20:33 Crosby: I'm open to either direction, but want us to choose one and move forward
18:20:58 Trevor: recording reasons for decisions we make would be useful
18:21:13 Trevor has posted to the list to this effect.
18:21:42 I’d just like to know when a fireplace became a desk :-)
18:21:55 #link https://github.com/opencontainers/specs/pull/88#issuecomment-126516625
18:22:06 ^ my initial pushback on "this split is not well defined"
18:22:39 vbatts|work: once we realized you can override anything, and that the bundle-author config is just a suggestion, unifying makes more sense
18:23:51 vbatts|work: if we store what we ran, the bundle-author can compare the executed config against their supplied config and see how close they got to something acceptable
18:23:56 to me it's not so much about what an impl can override, it can always do whatever it wants/needs, rather it's about what we think a bundle author might want to specify when running a container - which should probably be a pretty large list.
18:25:36 vbatts|work: agrees that flip-flopping is frustrating
18:25:58 Vincent: Biggest concern is what is host-dependent and what is host-independent
18:26:07 Vincent: This is not solving that problem
18:32:59 Vincent: important to have the primitives available for trust
18:33:13 Trevor: what's the gain by splitting the config?
18:33:20 Vincent: b/c one of them is not distributed
18:33:58 I’m wondering if we need to separate the “distribution” discussion from the “run this container” discussion.
18:34:25 Trevor: how is this different?
18:35:23 Vincent: If you have two files (one being changed and one not), the file not being changed can be part of a trust verification process
18:35:46 Mrunal: proposes continuing discussion next week
18:35:47 ^ I agree that it's worth splitting distribution from "start the container"
18:36:11 yes I’ll have a call-in # for the f2f next week
18:36:54 #link https://github.com/opencontainers/specs/pull/284
18:36:58 ^ the unification PR
18:36:59 #action vbatts|work to write up perspective on why two files
18:37:27 #topic Disable new privileges
18:37:33 https://github.com/opencontainers/specs/pull/290
18:37:34 #link https://github.com/opencontainers/specs/pull/290
18:38:08 philips: suggests just exposing prctl
18:38:09 Mrunal: Brandon had input on this
18:38:32 mrunalp: feels like we want a higher-level UI like disableNewPrivileges
18:38:43 Mrunal: suggests it makes sense to have a flag
18:38:59 Mrunal: brandon is proposing something more complex
18:39:17 Mrunal: We're trying to figure out which approach we should have in the spec
18:39:26 a) Expose raw system calls
18:39:32 b) Higher-level fields
18:39:46 crosbymichael: likes higher level fields and abstractions, because if we're just exposing syscalls, what's the point?
18:39:48 Crosby: likes (b)
18:40:06 Mrunal: this provides more flexibility for unique run-time implementations
18:40:25 mrunalp: higher-level APIs like disableNewPrivileges allow different runtimes to implement the feature differently
18:40:47 although if the specs require a particular syscall for implementing that^, I don't see how they could do it differently
18:40:48 Crosby: We're a step up from the kernel
18:41:07 #info Mrunal: we'll just record this in the PR and take it forward next week
18:41:24 Crosby: Maybe we can change the boolean name to be more cross-platform
18:41:43 mrunalp: maybe we did that earlier and have since split it out? Not sure
18:42:01 #action mrunalp to investigate a split-out security section and post notes
18:42:23 Mrunal: That's all I had for active issues
18:42:50 I’d like to talk about the f2f - just briefly before we end the call
18:43:02 +1
18:43:38 #topic splitting the rootfs into a content-addressable entity, not embedded in the bundle
18:43:54 vbatts|work: suggesting this^
18:44:23 I think this is a distribution issue, so we don't need runtime changes to address it
18:44:58 #link https://github.com/opencontainers/specs/pull/293
18:45:08 ^ proposal for stacking layers to create a rootfs
18:45:31 #link https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/6ZKMNWujDhU
18:45:38 ^ thread about optional rootfs
18:46:19 #link https://groups.google.com/a/opencontainers.org/forum/#!search/messageid$3A%22CAD2oYtN-9yLLhG_STO3F1h58Bn5QovK$2Bu3wOBa$3Dt$2B7TQi-hP1Q@mail.gmail.com%22/dev/xo4SQ92aWJ8/NHpSQ19KCAAJ
18:46:26 ^ most recent bundle/distribution discussion
18:46:45 vbatts|work: this is not layering, this is content-addressing the whole rootfs filesystem
18:46:54 Mrunal: Suggests starting a new discussion on the list
18:46:56 #action will post a new thread to the list explaining this approach
18:47:02 #action vbatts|work will post a new thread to the list explaining this approach
18:48:15 vbatts|work: could allow you to have separate sigs for rootfs and config, so you could have an audited config from an untrusted user running on a trusted rootfs (e.g. Debian, or whatever, from a more well-known entity)
18:48:30 #topic milestones
18:48:38 mrunalp: talk about them next week?
18:48:40 #info It makes sense to discuss next week
18:48:47 crosbymichael: talk about feature completion
18:48:57 Crosby: We're at "alpha" now, let's try to get to "beta"
18:49:37 we can punt on image distribution until we get to runtime feature completion
18:49:53 f2f doc: https://docs.google.com/document/d/1AtpEgQOc0lzuwRIJuPZgCHdYz4olpTwszsCoeRR1_r4/edit
18:49:55 We can have a rotating "release manager" role to make sure we hit milestones
18:50:16 #topic discussing the face-to-face meeting
18:50:55 Day 1: 10am - 6pm
18:52:45 #info Day 1: 10am - 6pm (Pacific)
18:53:14 #info Day 2: 8:30am - 4pm (Pacific)
18:53:35 #info Thumbs-up to dinner on day 2
18:54:02 Vincent: that's fine with me
18:55:06 #link https://docs.google.com/document/d/1AtpEgQOc0lzuwRIJuPZgCHdYz4olpTwszsCoeRR1_r4/edit please review topics and add at least a one-liner to the document in advance
18:55:17 #info Doug: We'll decide order when we get there
18:56:02 #info Lunch on Day 1 looks like Jimmy John's
18:56:13 Rob LOVES the #14 with cheese easy mayo ;)
18:57:11 BIG THANKS Doug for hosting the F2F!
18:57:16 #endmeeting