#opencontainers log

21:01:33 <wking> #startmeeting 2017-05-12 runtime-spec 1.0 burn-down
21:01:33 <collabot> Meeting started Fri May 12 21:01:33 2017 UTC.  The chair is wking. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:01:33 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
21:01:33 <collabot> The meeting name has been set to '2017_05_12_runtime_spec_1_0_burn_down'
21:01:38 <wking> #chair mrunalp
21:01:38 <collabot> Current chairs: mrunalp wking
21:03:17 <wking> #topic config.md: lifecycle broken links fix
21:03:22 <wking> #link https://github.com/opencontainers/runtime-spec/pull/812
21:03:33 <wking> #topic consistency and style fix
21:03:50 <wking> #link https://github.com/opencontainers/runtime-spec/pull/811
21:04:05 <wking> crosbymichael: let's let this one cook longer
21:04:07 <wking> mrunalp: yeah
21:04:49 <wking> #topic config.go: platform-specific properties of process fix
21:06:14 <wking> #link https://github.com/opencontainers/runtime-spec/pull/810
21:06:32 <wking> mrunalp: should we make this Linux-specific again and have other platforms add their own caps?
21:07:03 <wking> crosbymichael: I think with caps split up, I think it's Linux-specific
21:08:18 <wking> I think bounding/effective and such (but prob. not ambient) were part of the withdrawn POSIX spec, so Solaris might support them
21:08:28 <wking> mrunalp: should we ping Windows/Solaris folks and ask?
21:08:35 <wking> crosbymichael: yeah, let's ping them and wait on it
21:08:49 <wking> #topic config.md: minor changes for process
21:08:54 <wking> #link https://github.com/opencontainers/runtime-spec/pull/809
21:10:49 <wking> crosbymichael: we can wait on this one too
21:11:22 <wking> crosbymichael: for responses to the existing feedback
21:12:08 <wking> #topic config.md: specify mount source
21:12:14 <wking> #link https://github.com/opencontainers/runtime-spec/pull/808
21:12:48 <wking> crosbymichael: I don't think we need the absolute-path restriction anyway
21:12:53 <wking> mrunalp: lets leave it to the runtime for now
21:13:11 <wking> crosbymichael: runc makes it absolute to protect against chcwd()s during setup
21:14:16 <wking> there is a possible security issue floating in this area
21:14:41 <wking> link in #735
21:15:00 <wking> crosbymichael: that's up to the config author (e.g. caps also have security impact)
21:15:29 <wking> crosbymichael: runc is only doing this for chdir() protection, not for the FUSE exploit
21:15:50 <wking> #topic config.md: fix typo of context
21:15:56 <wking> #link https://github.com/opencontainers/runtime-spec/pull/807
21:17:34 <wking> I think neither master or the current tip of this PR are quite where we want.  Either `filesystemtype` or my suggestion in that comment thread
21:17:40 <wking> crosbymichael: I'm fine splitting it
21:20:06 <wking> #topic question about valid values runtime choose to support
21:20:14 <wking> #link https://github.com/opencontainers/runtime-spec/issues/813
21:20:32 <wking> mrunalp: if the runtime doesn't support some new feature, that's fine.  But if the runtime doesn't support 90% of the features, that's probably not right
21:24:54 <wking> [some talk] <-- I'll add a comment to #807 with this
21:25:09 <wking> #topic config.md: specify config usage
21:25:15 <wking> #link https://github.com/opencontainers/runtime-spec/pull/803
21:25:23 <wking> mrunalp: I'm not sure what to do with this
21:28:59 <wking> mrunalp: you need the config for 'create', and you need 'create' to work before you can call 'kill'
21:29:47 <wking> #topic Update to Windows network options
21:29:53 <wking> #link https://github.com/opencontainers/runtime-spec/pull/801
21:30:49 <wking> crosbymichael: H might be correct
21:30:56 <wking> mrunalp: do we have a link to backing docs somewhere?
21:30:59 <wking> crosbymichael: I don't think so
21:32:35 <wking> I'm not sure how this PR fits into 1.0 (I'll add a comment to the PR)
21:33:38 <wking> #topic specs-go/round_trip_test: Add round-trip testing for the config
21:33:43 <wking> #link https://github.com/opencontainers/runtime-spec/pull/759
21:33:55 <wking> We just need to close this with motivation for not pointerizing UID/GID
21:37:31 <wking> It's hard for me to write the comment because I don't understand the pattern
21:37:53 <wking> crosbymichael: if we push through a node serializer, we won't change the spec
21:38:51 <wking> crosbymichael: let's just remove the types from the repo and I'll maintain them myself
21:39:10 <wking> I can file that PR, but that sounds like a bottomless pit
21:41:56 <wking> mrunalp: I'll add a comment with the style pattern
21:43:24 <wking> #topic config-linux: Require no cgroup tweaks when linux.resources is unset
21:43:29 <wking> https://github.com/opencontainers/runtime-spec/pull/576
21:47:00 <wking> mrunalp: let me file a replacement PR
21:47:04 <wking> sounds good
21:48:46 <wking> #topic WIP: config: Clarify mounts[].source relative path anchor
21:48:54 <wking> #link https://github.com/opencontainers/runtime-spec/pull/735
21:49:16 <wking> crosbymichael: people are interacting with this at a higher level
21:49:36 <wking> but people who are writing the config JSON know where the bundle is (same dir as config.json)
21:49:56 <wking> crosbymichael: so chdir to the bundle path and run the mounts
21:50:47 <wking> crosbymichael: yeah, we do anchor to bundle in .... line 58
21:50:53 <wking> mrunalp: in exec.go?
21:51:01 <wking> crosbymichael: in the root of the repo-utils.go
21:51:28 <wking> crosbymichael: so I'm fine anchoring to the bundle
21:57:42 <wking> #topic config.md: format changes
21:57:48 <wking> #link https://github.com/opencontainers/runtime-spec/pull/724
21:57:49 <wking> crosbymichael: merging
22:00:27 <wking> #topic schema/config-linux: add pattern limit for deviceCgroup
22:01:14 <wking> #link https://github.com/opencontainers/runtime-spec/pull/690
22:03:00 <wking> #link https://github.com/opencontainers/runtime-spec/blame/6cc08c24289854bf7a1f48865e49aa4601c5bb60/config-linux.md#L220
22:08:14 <wking> we can leave this close and I can work up a PR that adjust the Markdown side to be more permissive
22:09:21 <wking> #topic schema/defs-linux: Drop 'Capability' type
22:09:26 <wking> #link https://github.com/opencontainers/runtime-spec/pull/766
22:12:03 <wking> the master JSON Schema is saying "the Linux kernel will always use CAP_" (which may be true, but doesn't seem like grounds for a invalidating a config)
22:17:02 <wking> #endmeeting