This includes the process to run, environment variables to inject, sandboxing features to use, etc.

[Platform](spec.md#platforms)-specific configuration schema are defined in the [platform-specific documents](#platform-specific-configuration) linked below.

For properties that are only defined for some [platforms](spec.md#platforms), the Go property has a `platform` tag listing those protocols (e.g. `platform:"linux,solaris"`).

Below is a detailed description of each field defined in the configuration format and valid values are specified.

Platform-specific fields are identified as such.

For all platform-specific configuration values, the scope defined below in the [Platform-specific configuration](#platform-specific-configuration) section applies.

The Open Container Runtime Specification follows semantic versioning and retains forward and backward compatibility within major versions.

For example, if a configuration is compliant with version 1.1 of this specification, it is compatible with all runtimes that support any 1.1 or later release of this specification, but is not compatible with a runtime that supports 1.0 and not 1.1.

```

**`root`** (object, OPTIONAL) specifies the container's root filesystem.

On Windows, for Windows Server Containers, this field is REQUIRED.

For [Hyper-V Containers](config-windows.md#hyperv), this field MUST NOT be set.

* **`path`** (string, REQUIRED) Specifies the path to the root filesystem for the container.

* On Windows, `path` MUST be a [volume GUID path][naming-a-volume].

A directory MUST exist at the path declared by the field.

"root": {

"path": "rootfs",

"readonly": true

}

```

### Example (Windows)

```json

"root": {

"path": "\\\\?\\Volume{ec84d99e-3f02-11e7-ac6c-00155d7682cf}\\"

}

```

The runtime MUST mount entries in the listed order.

For Linux, the parameters are as documented in [mount(2)][mount.2] system call man page.

For Solaris, the mount entry corresponds to the 'fs' resource in the [zonecfg(1M)][zonecfg.1m] man page.

This value MUST be an absolute path.

* Windows: one mount destination MUST NOT be nested within another mount (e.g., c:\\foo and c:\\foo\\bar).

* Solaris: corresponds to "dir" of the fs resource in [zonecfg(1M)][zonecfg.1m].

* Windows: a local directory on the filesystem of the container host. UNC paths and mapped drives are not supported.

* Solaris: corresponds to "special" of the fs resource in [zonecfg(1M)][zonecfg.1m].

* Linux: supported options are listed in the [mount(8)][mount.8] man page.

Note both [filesystem-independent][mount.8-filesystem-independent] and [filesystem-specific][mount.8-filesystem-specific] options are listed.

### Example (Windows)

```json

"mounts": [

{

"destination": "C:\\folder-inside-container",

"source": "C:\\folder-on-host",

}

]

```

* **`type`** (string, OPTIONAL) The type of the filesystem to be mounted.

* Linux: filesystem types supported by the kernel as listed in */proc/filesystems* (e.g., "minix", "ext2", "ext3", "jfs", "xfs", "reiserfs", "msdos", "proc", "nfs", "iso9660").

* Solaris: corresponds to "type" of the fs resource in [zonecfg(1M)][zonecfg.1m].

```json

"mounts": [

{

"destination": "/tmp",

"type": "tmpfs",

"source": "tmpfs",

"options": ["nosuid","strictatime","mode=755","size=65536k"]

},

{

"destination": "/data",

"type": "bind",

"source": "/volumes/testing",

"options": ["rbind","rw"]

}

]

```

### Example (Solaris)

```json

"mounts": [

{

"destination": "/opt/local",

"type": "lofs",

"source": "/usr/local",

"options": ["ro","nodevices"]

},

{

"destination": "/opt/sfw",

"type": "lofs",

"source": "/opt/sfw"

}

]

```

* **`terminal`** (bool, OPTIONAL) specifies whether a terminal is attached to the process, defaults to false.

As an example, if set to true on Linux a pseudoterminal pair is allocated for the process and the pseudoterminal slave is duplicated on the process's [standard streams][stdin.3].

* **`consoleSize`** (object, OPTIONAL) specifies the console size in characters of the terminal.

Runtimes MUST ignore `consoleSize` if `terminal` is `false` or unset.

* **`height`** (uint, REQUIRED)

* **`width`** (uint, REQUIRED)

* **`env`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008's `environ`][ieee-1003.1-2008-xbd-c8.1].

* **`args`** (array of strings, REQUIRED) with similar semantics to [IEEE Std 1003.1-2008 `execvp`'s *argv*][ieee-1003.1-2008-xsh-exec].

* **`type`** (string, REQUIRED) the platform resource being limited.

* Linux: valid values are defined in the [`getrlimit(2)`][getrlimit.2] man page, such as `RLIMIT_MSGQUEUE`.

* Solaris: valid values are defined in the [`getrlimit(3)`][getrlimit.3] man page, such as `RLIMIT_CORE`.

The runtime MUST [generate an error](runtime.md#errors) for any values which cannot be mapped to a relevant kernel interface

For each entry in `rlimits`, a [`getrlimit(3)`][getrlimit.3] on `type` MUST succeed.

For the following properties, `rlim` refers to the status returned by the `getrlimit(3)` call.

* **`soft`** (uint64, REQUIRED) the value of the limit enforced for the corresponding resource.

`rlim.rlim_cur` MUST match the configured value.

* **`hard`** (uint64, REQUIRED) the ceiling for the soft limit that could be set by an unprivileged process.

`rlim.rlim_max` MUST match the configured value.

Only a privileged process (e.g. one with the `CAP_SYS_RESOURCE` capability) can raise a hard limit.

If `rlimits` contains duplicated entries with same `type`, the runtime MUST [generate an error](runtime.md#errors).

* **`capabilities`** (object, OPTIONAL) is an object containing arrays that specifies the sets of capabilities for the process.

Valid values are defined in the [capabilities(7)][capabilities.7] man page, such as `CAP_CHOWN`.

Any value which cannot be mapped to a relevant kernel interface MUST cause an error.

`capabilities` contains the following properties:

* **`effective`** (array of strings, OPTIONAL) the `effective` field is an array of effective capabilities that are kept for the process.

* **`bounding`** (array of strings, OPTIONAL) the `bounding` field is an array of bounding capabilities that are kept for the process.

* **`inheritable`** (array of strings, OPTIONAL) the `inheritable` field is an array of inheritable capabilities that are kept for the process.

* **`permitted`** (array of strings, OPTIONAL) the `permitted` field is an array of permitted capabilities that are kept for the process.

* **`ambient`** (array of strings, OPTIONAL) the `ambient` field is an array of ambient capabilities that are kept for the process.

* **`noNewPrivileges`** (bool, OPTIONAL) setting `noNewPrivileges` to true prevents the process from gaining additional privileges.

As an example, the [`no_new_privs`][no-new-privs] article in the kernel documentation has information on how this is achieved using a `prctl` system call on Linux.

If `oomScoreAdj` is set, the runtime MUST set `oom_score_adj` to the given value.

If `oomScoreAdj` is not set, the runtime MUST NOT change the value of `oom_score_adj`.

This is a per-process setting, where as [`disableOOMKiller`](config-linux.md#disable-out-of-memory-killer) is scoped for a memory cgroup.

For more information on how these two settings work together, see [the memory cgroup documentation section 10. OOM Contol][cgroup-v1-memory_2].

* **`uid`** (int, REQUIRED) specifies the user ID in the [container namespace](glossary.md#container-namespace).

* **`gid`** (int, REQUIRED) specifies the group ID in the [container namespace](glossary.md#container-namespace).

_Note: symbolic name for uid and gid, such as uname and gname respectively, are left to upper levels to derive (i.e. `/etc/passwd` parsing, NSS, etc)_

"process": {

"terminal": true,

"consoleSize": {

"height": 25,

"width": 80

},

"user": {

"uid": 1,

"gid": 1,

"env": [

"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

"TERM=xterm"

],

"args": [

"sh"

"apparmorProfile": "acme_secure_profile",

"selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675",

"capabilities": {

"bounding": [

"CAP_AUDIT_WRITE",

"CAP_KILL",

"CAP_NET_BIND_SERVICE"

],

"permitted": [

"CAP_AUDIT_WRITE",

"CAP_KILL",

"CAP_NET_BIND_SERVICE"

],

"inheritable": [

"CAP_AUDIT_WRITE",

"CAP_KILL",

"CAP_NET_BIND_SERVICE"

],

"effective": [

"CAP_AUDIT_WRITE",

],

"ambient": [

"CAP_NET_BIND_SERVICE"

]

},

"rlimits": [

{

"type": "RLIMIT_NOFILE",

"hard": 1024,

"soft": 1024

}

]

}

### Example (Solaris)

```json

"process": {

"terminal": true,

"consoleSize": {

"height": 25,

"width": 80

},

"user": {

"uid": 1,

"gid": 1,

"additionalGids": [2, 8]

},

"env": [

"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

"TERM=xterm"

],

"cwd": "/root",

"args": [

"/usr/bin/bash"

]

}

```

For Windows based systems the user structure has the following fields:

### Example (Windows)

```json

"process": {

"terminal": true,

"user": {

"username": "containeradministrator"

},

"env": [

"VARIABLE=1"

"cwd": "c:\\foo",

"args": [

"someapp.exe",

]

}

```

On Linux, for example, this will change the hostname in the [container](glossary.md#container-namespace) [UTS namespace][uts-namespace.7].

Depending on your [namespace configuration](config-linux.md#namespaces), the container UTS namespace may be the [runtime](glossary.md#runtime-namespace) [UTS namespace][uts-namespace.7].

```

### Example (Linux)

```json

{

"linux": {

"namespaces": [

{

"type": "pid"

}

]

}

}

```

* **`prestart`** (array of objects, OPTIONAL) is an array of [pre-start hooks](#prestart).

Entries in the array contain the following properties:

* **`args`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008 `execv`'s *argv*][ieee-1003.1-2008-functions-exec].

* **`env`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008's `environ`][ieee-1003.1-2008-xbd-c8.1].

* **`timeout`** (int, OPTIONAL) is the number of seconds before aborting the hook.

If set, `timeout` MUST be greater than zero.

* **`poststart`** (array of objects, OPTIONAL) is an array of [post-start hooks](#poststart).

Entries in the array have the same schema as pre-start entries.

* **`poststop`** (array of objects, OPTIONAL) is an array of [post-stop hooks](#poststop).

Entries in the array have the same schema as pre-start entries.

```json

"prestart": [

{

"path": "/usr/bin/fix-mounts",

"args": ["fix-mounts", "arg1", "arg2"],

"env": [ "key1=value1"]

},

{

"path": "/usr/bin/setup-network"

}

],

"poststart": [

{

}

],

"poststop": [

{

"path": "/usr/sbin/cleanup.sh",

"args": ["cleanup.sh", "-f"]

}

]

}

```

This information MAY be structured or unstructured.

Annotations MUST be a key-value map.

If there are no annotations then this property MAY either be absent or an empty map.

Keys MUST be strings.

Keys MUST NOT be an empty string.

Keys SHOULD be named using a reverse domain notation - e.g. `com.example.myKey`.

Keys using the `org.opencontainers` namespace are reserved and MUST NOT be used by subsequent specifications.

Implementations that are reading/processing this configuration file MUST NOT generate an error if they encounter an unknown annotation key.

Values MUST be strings.

Values MAY be an empty string.