Comments (11)
mrunalp
commented on June 15, 2024
I think it makes sense to embed the config into the state as is.
from runtime-spec.
LK4D4
commented on June 15, 2024
Also I think we should allow implementation to store state in any desired form. It can be registry key for windows for example. But hooks will always consume text version of state, so info about storage method will never leak outside implementation.
from runtime-spec.
philips
commented on June 15, 2024
What does "cgroup/resource information" mean?
from runtime-spec.
vmarmol
commented on June 15, 2024
/cc @vmarmol
from runtime-spec.
mrunalp
commented on June 15, 2024
@crosbymichael I think all the items in your lists make sense as state that could be passed to the hooks.
from runtime-spec.
wking
commented on June 15, 2024
On Tue, Jun 30, 2015 at 04:59:34PM -0700, Michael Crosby wrote:
Some of this information would be duplicated from the initial
container's config so it maybe worth it to look into embedding the
original config into the state structure.
I think embedding the initial config is less useful than embedding the
current effective config. For example, if you update the container to
mount a new directory, adjust limits, etc., the embedded config should
be a config capable of launching you directly into the current state
(modulo memory state in the running processes, which is what
checkpoint/restore is about).
from runtime-spec.
vmarmol
commented on June 15, 2024
We spoke about this in the meeting today. We don't think it makes sense to have here config where the source of truth is the kernel (e.g.: resource limits). We should have some immutable state which with some pre-defined operation can provide the current state. Otherwise keeping these in sync will be expensive and difficult to do.
from runtime-spec.
wking
commented on June 15, 2024
On Wed, Jul 22, 2015 at 09:58:45PM -0700, Victor Marmol wrote:
We don't think it makes sense to have here config where the source
of truth is the kernel (e.g.: resource limits).
The kernel is enforcing those resource limits, so why not make it the
source of truth?
We should have some immutable state…
Do you have an example workflow where a container's initial resource
limits (or whatever) matter and are different from the current
resource limits? I'm trying to understand the utility of a stale
state dump…
Otherwise keeping these in sync will be expensive and difficult to
do.
I'm not sure about difficult, but I'm not terribly worried about the
expense. These state dumps are just for hooks and occasional
host-initiated maintenance, right? I don't see us needing to refresh
them multiple times per second. Is there a particular check that you
expect to be difficult/expensive?
from runtime-spec.
philips
commented on June 15, 2024
@crosbymichael My concern with having device node, sysctl, rlmit, etc state parameters is that we are simply serializing Kernel features and state. Why not tell consumers to read from the source of truth instead?
from runtime-spec.
philips
commented on June 15, 2024
Gah, sorry for piling on I had this tab with a half finished response and the stuff from Victor hadn't loaded yet.
from runtime-spec.
crosbymichael
commented on June 15, 2024
Ya, in my PR for the state it is much more conservative and gives people just the information required to look in the correct locations.
from runtime-spec.
Related Issues (20)
- runtime.md: State MUST be serialized with specific indentation pattern? HOT 3
- `runAsGroup` vs `supplementalGroups` HOT 3
- support PostExit Hook HOT 11
- Proposal: Add the `update` operation HOT 1
- When using Windows containers in Containerd the windows layerFolder is null and the root is blank HOT 10
- whether update container delete doc
- When running `make rust-oci-tests` getting error `container state could not be retrieved successfully.` HOT 3
- features.md: add unsafe annotation list HOT 2
- config-linux: Should we clarify when should we set the swap limit? HOT 2
- idmapped mounts: should they be applied recursively?
- dev versions don't respect semver HOT 6
- features: mountExtensions: how best to represent feature support for idmap? HOT 5
- Update `config_linux.md` when libseccomp `v2.6.0` is relased
- Why does the oci runtime spec define the runtime operation after the proposal of" runtime CLI spec" has been rejected? HOT 2
- Proposal: Support filter (Includes and Excludes) feature in LinuxSyscall HOT 7
- Proposal: Network Devices HOT 12
- Build error with clang++ 17 HOT 7
- Proposal: use pre-generated BPF filter HOT 3
- Damarcus Jones Professional
- Proposal: synchronize cgroupv1 deprecation announcements HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from runtime-spec.