You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The spec didn't say whether the hooks are executed in the container
environment or not (in Linux namespaces, with cgroups and rlimits
applied).
In rkt, hooks are executed in the container environment. In runc, hooks
are executed outside of the container environment.
The example with setting up the network namespace in "prestart" suggests
that the command is generic and does not have to exist in the container
rootfs. So I assume the spec was meant to say hooks are executed outside
of the container environment.
Signed-off-by: Alban Crequy <[email protected]>
Copy file name to clipboardExpand all lines: config.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -373,6 +373,7 @@ For POSIX platforms, the configuration structure supports `hooks` for configurin
373
373
Entries in the array contain the following properties:
374
374
* **`path`** (string, REQUIRED) with similar semantics to [IEEE Std 1003.1-2008 `execv`'s *path*][ieee-1003.1-2008-functions-exec].
375
375
This specification extends the IEEE standard in that **`path`** MUST be absolute.
376
+
Runtimes MUST resolve this value in the [runtime mount namespace](glossary.md#runtime-namespace).
376
377
* **`args`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008 `execv`'s *argv*][ieee-1003.1-2008-functions-exec].
377
378
* **`env`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008's `environ`][ieee-1003.1-2008-xbd-c8.1].
378
379
* **`timeout`** (int, OPTIONAL) is the number of seconds before aborting the hook.
@@ -384,6 +385,7 @@ For POSIX platforms, the configuration structure supports `hooks` for configurin
384
385
385
386
Hooks allow users to specify programs to run before or after various lifecycle events.
386
387
Hooks MUST be called in the listed order.
388
+
Hooks MUST be executed in the [runtime namespace](glossary.md#runtime-namespace).
387
389
The [state](runtime.md#state) of the container MUST be passed to hooks over stdin so that they may do work appropriate to the current state of the container.
0 commit comments