|
2 | 2 |
|
3 | 3 | ## State |
4 | 4 |
|
5 | | -Runtime MUST store container metadata on disk so that external tools can consume and act on this information. |
| 5 | +An OCI compliant runtime MUST store container metadata on disk so that external tools can consume and act on this information. |
6 | 6 | It is recommended that this data be stored in a temporary filesystem so that it can be removed on a system reboot. |
7 | 7 | On Linux/Unix based systems the metadata MUST be stored under `/run/opencontainer/containers`. |
8 | 8 | For non-Linux/Unix based systems the location of the root metadata directory is currently undefined. |
@@ -54,6 +54,77 @@ The lifecycle describes the timeline of events that happen from when a container |
54 | 54 |
|
55 | 55 | Note: The lifecycle is a WIP and it will evolve as we have more use cases and more information on the viability of a separate create phase. |
56 | 56 |
|
| 57 | +## Operations |
| 58 | + |
| 59 | +OCI compliant runtimes MUST support the following operations, unless support for the operation can not be supported by the base operating system (kernel) itself. |
| 60 | + |
| 61 | +### Errors |
| 62 | +In cases where the specified operation generates an error, this specification does not mandate how, or even if, that error is returned or exposed to the user of an implementation. |
| 63 | +Unless otherwise stated, generating an error MUST leave the state of the environment as if the operation were never attempted - modulo any possible trivial ancillary changes such as logging. |
| 64 | + |
| 65 | +### Create |
| 66 | + |
| 67 | +Using the `config.json` and `runtime.json` files, along with the file system path referenced in the `config.json`, this operation MUST create a new container. |
| 68 | +This includes creating the relevant namespaces, cgroups and configuring the appropriate capabilities for the container. |
| 69 | + |
| 70 | +### Start |
| 71 | + |
| 72 | +This operation MUST start a previously created container. |
| 73 | +Starting a container MUST create a new process, as specified by the `config.json` file within the scope of the container. |
| 74 | +Attempting to start an already running container MUST have no effect on the container and MUST generate an error. |
| 75 | +Starting a stopped container, one that had been previously be running, MUST create a new process, as specified by the `config.json` file, within the scope of the container. |
| 76 | + |
| 77 | +### Stop |
| 78 | + |
| 79 | +This operation MUST stop a running container. |
| 80 | +Stopping a container MUST stop all of the processes running within the scope of the container. |
| 81 | +Stopping a container MUST NOT delete the associated namespaces or cgroups for the container. |
| 82 | +Attempting to stop a container that is not running MUST have no effect on the container and MUST generate an error. |
| 83 | + |
| 84 | +### Delete |
| 85 | + |
| 86 | +This operation MUST delete a container. |
| 87 | +Deleting a container MUST delete the associated namespaces and cgroups for the container. |
| 88 | +Deleting a container that is not stopped MUST first stop the container as specified by the `stop` operation. |
| 89 | +If the implied `stop` operations fails then the `delete` operation MUST fail. |
| 90 | + |
| 91 | +### Pause |
| 92 | + |
| 93 | +This operation MUST suspend all processes that are running within the container. |
| 94 | +If the container is not running, either stopped or aleady paused, then this operation MUST have no effect on the container and MUST generate an error. |
| 95 | + |
| 96 | +### Unpause |
| 97 | + |
| 98 | +This operation MUST resume all processes that were previously paused via the `pause` operation. |
| 99 | +If the container is not paused then this operation MUST have no effect on the container and MUST generate an error. |
| 100 | + |
| 101 | +### Exec |
| 102 | + |
| 103 | +This operation MUST create a new process within the scope of the container. |
| 104 | +If the container is not running then this operation MUST have no effect on the container and MUST generate an error. |
| 105 | +Executing this operation multiple times MUST result in a new process each time. |
| 106 | +Unlike the container's main process which is specified in the `config.json` file, this specification does not define how the `exec` process is defined. |
| 107 | + |
| 108 | +### Checkpoint |
| 109 | + |
| 110 | +This operation MUST create a checkpoint of a running container. |
| 111 | +If the container is not running then this operation MUST have no effect on the container and MUST generate an error. |
| 112 | +This specification does not specify how, or to where, the checkpoint data is persisted. |
| 113 | + |
| 114 | +OPEN: can we checkpoint a stopped container? |
| 115 | + |
| 116 | +OPEN: What's the state of the container afterwards? runc allows for the user to specify it. |
| 117 | + |
| 118 | +OPEN: we really should specify where to find the checkpoint info the same way we tell people where the state data is kept. |
| 119 | + |
| 120 | +### Restore |
| 121 | + |
| 122 | +This operation MUST restore a container to a previously created checkpoint state. |
| 123 | +This specification does not specify how, or from where, the checkpoint data is provided to the runtime. |
| 124 | + |
| 125 | +OPEN: what state must the container be in before they can do this? |
| 126 | + |
57 | 127 | ## Hooks |
58 | 128 |
|
59 | | -See [runtime configuration for hooks](./runtime-config.md) |
| 129 | +Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation. |
| 130 | +See [runtime configuration for hooks](./runtime-config.md) for more information. |
0 commit comments