runtime-spec
runtime-spec copied to clipboard
opencontainers
add domainname spec entity
add the domainname entity so that container runtimes can add special handling similar to hostname. The current workaround of adding a sysctl for kernel.domainname only works with rootful execution in most cases. This will allow for rootless execution.
container runtimes will be able to add special handling as they do for hostname, using setdomainname to add the entry to /proc/sys/kernel/domainname.
Signed-off-by: Charlie Doern [email protected]
Nit:
This will allow for rootless execution
I think in commit message following must be extended to specify how a container-runtime should utilize this field, two approach i could think are runtime invokes setdomainname( or the second one is write /proc/sys/kernel/domainname before setting up UTS namespace but is it possible in rootless session ? (Requesting maintainers to confirm)
Nit:
This will allow for rootless execution
I think in commit message following must be extended to specify how a
container-runtimeshould utilize this field, two approach i could think are runtime invokessetdomainname(or the second one is write/proc/sys/kernel/domainnamebefore setting up UTS namespace but is it possible in rootless session ? (Requesting maintainers to confirm)
I think using setdomainname makes the most sense. Currently crun uses sethostname for the hostname.
What should happen if the sysctl is also specified but with a different value? Should it fail?
@AkihiroSuda Afaik In crun i think sysctl is not allowed at all if OCI spec already has a knob to configure it, for instance i can see for kernel/hostname : https://github.com/containers/crun/blob/main/src/libcrun/linux.c#L3198