Hook: add type attribute to spec

[liubin]

For vm-based runtimes, like Kata Containers, the hooks become confused, some hooks may need run on the host side, but others may need to run on the guest side.

Add type attribute identity where the hooks should run, the host side or guest side, and let runtime treat them separately.

Signed-off-by: bin liu [email protected]

[giuseppe]

how are these used by Kata? Is there any open PR that uses the new attribute?

[liubin]

@giuseppe Indeed Kata only supports running hooks on the host side now. And Kata has a feature named guest hook that running in the VM. Users can add hooks to the guest image. When Kata containers start, the agent inside the guest will scan for hooks and add them to the OCI spec of the containers. Here is one issue https://github.com/kata-containers/kata-containers/issues/3729.

Adding the type attribute can make it easy to decide whether run hooks on the host or guest.

@flouthoc I understand what you are meaning. I have thought of some workaround, for example passing the host/guest flag by ENV field, or setting flags in annotations.

How about adding a new field annotations to Hook? It's will be more generic and extendable than fixed-named field names like type. Through annotations, users can pass more metadata to runtime for handling hooks.

[AkihiroSuda]

Through annotations, users can pass more metadata to runtime for handling hooks.

The state object already has annotations.

https://github.com/opencontainers/runtime-spec/blob/main/runtime.md#state

Is this enough for your usecase?

[AkihiroSuda]

ping @liubin

[liubin]

@AkihiroSuda Sorry for the late response, I'm considering closing this one as comments above.

And I'll try to think about other plans including your with real-world use cases later.