An OCI compliant runtime MUST store container metadata on disk so that external tools can consume and act on this information.

OCI compliant runtimes MUST support the following operations, unless support for the operation can not be supported by the base operating system (kernel) itself.

OPEN: we should consider specifying the options/args for each operation.

For example, checkpoint (for runc) seems to have a lot of params.

Using the `config.json` and `runtime.json` files, along with the file system path referenced in the `config.json`, this operation MUST create a new container.

This includes creating the relevant namespaces, cgroups and configuring the appropriate capabilities for the container.

This operation MUST start a previously created container.

Starting a container MUST create a new process, as specified by the `config.json` file within the scope of the container.

Attempting to start an already running container MUST have no effect on the container and MUST generate an error.

Starting a stopped container, one that had been previously be running, MUST create a new process, as specified by the `config.json` file, within the scope of the container.

OPEN: the entire "generate an error" stuff in here is something we should discuss.

My initial thought was that it would be better to generate an error so that the call would know exactly what happened - meaning, did something new take place or was the container already running. If we didn't return an error (or something) then the caller wouldn't know. And they can always ignore errors if they want/need to.

This operation MUST stop a running container.

Stopping a container MUST stop all of the processes running within the scope of the container.

Stopping a container MUST NOT delete the associated namespaces or cgroups for the container.

Attempting to stop a container that is not running MUST have no effect on the container and MUST generate an error.

This operation MUST delete a container.

Deleting a container MUST delete the associated namespaces and cgroups for the container.

Deleting a container that is not stopped MUST first stop the container as specified by the `stop` operation.

If the implied `stop` operations fails then the `delete` operation MUST fail.

This operation MUST suspend all processes that are running within the container.

If the container is not running, either stopped or aleady paused, then this operation MUST have no effect on the container and MUST generate an error.

This operation MUST resume all processes that were previously paused via the `pause` operation.

If the container is not paused then this operation MUST have no effect on the container and MUST generate an error.

This operation MUST create a new process within the scope of the container.

If the container is not running then this operation MUST have no effect on the container and MUST generate an error.

Executing this operation multiple times MUST result in a new process each time.

Unlike the container's main process which is specified in the `config.json` file, this specification does not define how the `exec` process is defined.

This operation MUST create a checkpoint of a running container.

If the container is not running then this operation MUST have no effect on the container and MUST generate an error.

This specification does not specify how, or to where, the checkpoint data is persisted.

OPEN: can we checkpoint a stopped container?

OPEN: we really should specify where to find the checkpoint info the same way we tell people where the state data is kept.

This operation MUST restore a container to a previously created checkpoint state.

This specification does not specify how, or from where, the checkpoint data is provided to the runtime.

Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.

See [runtime configuration for hooks](./runtime-config.md) for more information.