runtime: lifecycle: environment must match config.json
Make it clear that if a runtime cannot set up an environment that
*precisely* matches the config.json provided, it must generate an error.
This is important because not doing this can cause security issues.
Signed-off-by: Aleksa Sarai <[email protected]>
runtime.md
@@ -35,6 +35,7 @@ The lifecycle describes the timeline of events that happen from when a container
35
35
1. OCI compliant runtime's `create` command is invoked with a reference to the location of the bundle and a unique identifier.
36
36
How these references are passed to the runtime is an implementation detail.
37
37
2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
38
+
If the runtime is unable to create the environment specified in the [`config.json`](config.md), it MUST generate an error.
38
39
While the resources requested in the [`config.json`](config.md) MUST be created, the user-specified code (from [`process`](config.md#process-configuration) MUST NOT be run at this time.
39
40
Any updates to `config.json` after this step MUST NOT affect the container.
40
41
3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.
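Review bot: The added sentence at new line 38 requires an error only when the runtime is "unable to create the environment specified", which is weaker than the "*precisely* matches" wording in the commit message. A runtime that applies most of `config.json` and silently skips a setting it cannot honour could still read itself as compliant, and that is the case the commit message calls a security issue. Consider wording along the lines of "If the runtime is unable to create an environment that exactly matches the [`config.json`](config.md), it MUST generate an error", and stating that the error is generated before `create` reports success. The hunk also leaves unstated what happens to resources that were already set up when the error is generated; given that the next line says requested resources MUST be created, a sentence on cleanup or on the resulting container state would remove that ambiguity.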