Are you sure this is correct? There are an awful lot of eth0 when you run containers.

cgroups works on host, you can't run a container with limiting an interface which not exists on host., cgroups will not accept that. For example by runc:
$ cat ~/testdir/config.json |grep -A 5 -B 5 eth0
},
"network": {
"classID": 1048577,
"priorities": [
{
"name": "eth0",
"priority": 500
}
]
}
},

$ sudo runc run --bundle ~/testdir test
container_linux.go:247: starting container process caused "process_linux.go:386: container init caused "process_linux.go:327: setting cgroup config for ready process caused \"failed to write eth0 500 to net_prio.ifpriomap: write /sys/fs/cgroup/net_cls,net_prio/test/net_prio.ifpriomap: no such device\"""

While I'm sure this is a correct statement, this is IMO another instance where we shouldn't be adding wording around Linux kernel implementation details. If someone wants to put a random value in a field they'd better understand what they're actually doing (in terms of the kernel features they're using) otherwise things would break no matter how much guidance we give.

From my PoV I see no reason why this restriction will always be true in the kernel -- how is the case handled where you have a file descriptor set up in a different network namespace (for instance)? if the kernel changes some behaviour (or they extend it) then we'd have to update the spec.

I think if we don't make it clear, people may be confused interface name should be which in container network namespace or in runtime network namespace.
At least, it seems @crosbymichael is thinking about interface name is which in container network namespace.

I think it mis-read it the first time sorry. It does seem correct. I'm indifferent about adding this line, I think its fine leaving it out like @cyphar said but its also fine adding it as the additional is pretty straight forward.

ping @opencontainers/runtime-spec-maintainers

LGTM