
clarify kill and delete operation for shared pid namespace container

Open lifubang opened this issue 2 years ago • 8 comments

There was no description for deleting a container which doesn't have its own private pid namespace, so it may cause some breaking changes when we do code refactoring in this area. Maybe we should add some descriptions for this.


~~In fact, container-runtime kill [-a,--all] container_id signal] and container-runtime delete [-f,--force] container_id has been used by upstream projects for many years, but it isn't defined in runtime-spec. It may cause some break changes when we do code refactor in this area.~~ ~~So, maybe we should define it clearly in runtime-spec.~~

background: https://github.com/opencontainers/runc/issues/4049

lifubang avatar Oct 06 '23 01:10 lifubang

@opencontainers/runtime-spec-maintainers PTAL, we need this PR to make a decision on how to fix a bug in runc (https://github.com/opencontainers/runc/issues/4047). Looking forward to your feedback, thanks.

lifubang avatar Oct 08 '23 10:10 lifubang

https://github.com/opencontainers/runtime-spec/blob/6331715093bfcf25137411bfacb403235ed7d018/runtime.md?plain=1#L95

I wonder whether we should change this rule or not. Before we change this rule, I changed my PR to clarify kill and delete operation for shared pid namespace container. If we don't think this type of container should be described in runtime-spec, feel free to close this PR.

lifubang avatar Oct 10 '23 11:10 lifubang

@lifubang the operation can be a function or a command line. -a is a kind of command-line API. I think the maintainer can accept <all> here.

However, the runc kill -a has been used for many years. <all> can be -a in the command-line implementation, is it correct? @AkihiroSuda

fuweid avatar Oct 11 '23 03:10 fuweid

> However, the runc kill -a has been used for many years. <all> can be -a in the command-line implementation, is it correct? @AkihiroSuda

Yes, but the command line implementation is (currently) out of the scope of the OCI Runtime Spec.

AkihiroSuda avatar Oct 11 '23 03:10 AkihiroSuda

> Yes, but the command line implementation is (currently) out of the scope of the OCI Runtime Spec.

How about adding runtime-cmd-api.md to define all the basic command APIs?

lifubang avatar Oct 11 '23 03:10 lifubang

> > Yes, but the command line implementation is (currently) out of the scope of the OCI Runtime Spec.
>
> How about adding runtime-cmd-api.md to define all the basic command APIs?

Adding the CLI spec to the Runtime Spec was once rejected in 2017 (https://github.com/opencontainers/runtime-spec/pull/513#issuecomment-278550496) and accepted in the runtime-tools repo: https://github.com/opencontainers/runtime-tools/blob/master/docs/command-line-interface.md

I guess we can revisit this, but it is beyond the scope of this PR. (Feel free to open an issue/PR)

AkihiroSuda avatar Oct 11 '23 03:10 AkihiroSuda

> > > Yes, but the command line implementation is (currently) out of the scope of the OCI Runtime Spec.
> >
> > How about adding runtime-cmd-api.md to define all the basic command APIs?
>
> Adding the CLI spec to the Runtime Spec was once rejected in 2017 (https://github.com/opencontainers/runtime-spec/pull/513#issuecomment-278550496) and accepted in the runtime-tools repo: https://github.com/opencontainers/runtime-tools/blob/master/docs/command-line-interface.md
>
> I guess we can revisit this, but it is beyond the scope of this PR. (Feel free to open an issue/PR)

Thanks. We should discuss it in another PR (I also received the runc maintainer's comment about introducing a new flag https://github.com/opencontainers/runc/pull/4045)

fuweid avatar Oct 11 '23 05:10 fuweid

@opencontainers/runtime-spec-maintainers PTAL

lifubang avatar Dec 06 '23 10:12 lifubang