runtime-config-linux: Separate mknod from cgroups #298

Merged

Commits on Jan 27, 2016

  1. runtime-config-linux: Separate mknod from cgroups

    With mknod entries in linux.devices and cgroups entries in
    linux.resources.devices.  Background discussion in [1].
    
    For specifying device cgroups independent of device creation.  This
    makes it easy to distinguish between configs that call for cgroup
    adjustments (which have linux.resources entries) from those that
    don't.  Without this split, folks interested in making that
    distinction would have to parse the device section to determine if it
    included cgroup changes.  This will also make it easy to drop either
    portion (mknod [2] or cgroups [3]) independently of the other if the
    project decides to do so.
    
    Using separate sections for mknod and cgroups also allows us to avoid
    the complicated validation rules needed for the combined format
    mknod/cgroup [4].
    
    Now that there is a section specific to supplying devices, I shifted
    the default device listing over from config-linux [5].  The /dev/ptmx
    entry is a bit awkward, since it's not a device, but it seemed to fit
    better over here.  But I would also be fine leaving it with the other
    mounts in config-linux.
    
    fileMode, uid, and gid are optional, because mknod(2) doesn't need
    them and specifies the handling when they aren't set [6,7].
    Similarly, major/minor numbers are only required for S_IFCHR and
    S_IFBLK [6].  I've left off wording about required runtime behavior
    for unset values, because I'd rather address that with a blanket rule
    [8].
    
    For the cgroup, access is optional because the kernel docs show an
    example that doesn't write an access field to the devices.deny file
    [9].  The current kernel docs don't go into much detail on this
    behavior (I expect unset and 'rwm' are equivalent), but if the kernel
    doesn't need a value written, the spec should get out of the way and
    allow users to not specify a value.
    
    The reference links are sorted into two blocks, with kernel-doc links
    sorted alphabetically followed by man pages sorted alphabetically by
    section.  The cgroup link is new since 2016-01-13 [10].
    
    [1]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/y_Fsa2_jJaM
         Subject: Separate config entries for device mknod and cgroups?
         Date: Mon, 5 Oct 2015 12:46:55 -0700
         Message-ID: <[email protected]>
    [2]: opencontainers#98
    [3]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/qWHoKs8Fsrk
         Subject: removal of cgroups from the OCI Linux spec
         Date: Wed, 28 Oct 2015 17:01:59 +0000
         Message-ID: <CAD2oYtO1RMCcUp52w-xXemzDTs+J6t4hS5Mm4mX+uBnVONGDfA@mail.gmail.com>
    [4]: opencontainers#101
    [5]: opencontainers#171 (comment)
    [6]: http://man7.org/linux/man-pages/man2/mknod.2.html#DESCRIPTION
    [7]: https://github.com/opencontainers/specs/pull/298/files#r51053835
    [8]: opencontainers#285 (comment)
    [9]: https://kernel.org/doc/Documentation/cgroup-v1/devices.txt
    [10]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34a9304a96d6351c2d35dcdc9293258378fc0bd8
    
    Signed-off-by: W. Trevor King <[email protected]>
    wking committed Jan 27, 2016
    7d5b027
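
The split described in the commit message, as an added Go example (not code from this pull request or the spec's own Go types): mknod entries are checked on their own, and cgroup entries are rendered separately into the cgroup-v1 `devices.allow` / `devices.deny` line format. The struct, field and function names are assumptions, as is writing an unset access on a `c` or `b` rule as `rwm`.

```go
package main

import "fmt"

// Device is one mknod request (a linux.devices entry); names are assumptions.
type Device struct {
	Path         string
	Type         byte   // 'c' (S_IFCHR), 'b' (S_IFBLK) or 'p' (FIFO)
	Major, Minor *int64 // nil when unset; needed only for 'c' and 'b'
}

// DeviceRule is one cgroup entry (a linux.resources.devices entry); names are assumptions.
type DeviceRule struct {
	Allow        bool
	Type         byte   // 'a', 'c' or 'b'
	Major, Minor *int64 // nil is written as the "*" wildcard
	Access       string // optional subset of "rwm"
}

// ValidateMknod requires device numbers only for the types where mknod(2) uses them.
func ValidateMknod(d Device) error {
	if (d.Type == 'c' || d.Type == 'b') && (d.Major == nil || d.Minor == nil) {
		return fmt.Errorf("%s: type %c needs major and minor", d.Path, d.Type)
	}
	return nil
}

// num renders an optional device number, using the wildcard when it is unset.
func num(n *int64) string {
	if n == nil {
		return "*"
	}
	return fmt.Sprint(*n)
}

// CgroupWrite returns the cgroup-v1 control file and the line to write to it.
func CgroupWrite(r DeviceRule) (file, line string) {
	file = map[bool]string{true: "devices.allow", false: "devices.deny"}[r.Allow]
	if r.Type == 'a' { // the kernel-doc form: a bare "a" with no access field
		return file, "a"
	}
	if r.Access == "" {
		r.Access = "rwm" // assumption: unset equals rwm, as the commit message expects
	}
	return file, fmt.Sprintf("%c %s:%s %s", r.Type, num(r.Major), num(r.Minor), r.Access)
}

func main() {
	fmt.Println(CgroupWrite(DeviceRule{Type: 'a'})) // constructed rule: deny all devices
}
```

A config with no `DeviceRule` entries needs no cgroup writes at all, which is the distinction the split is meant to make visible without parsing the mknod list.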