You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The spec didn't say whether the hooks are executed in the container
environment or not (in Linux namespaces, with cgroups and rlimits
applied).
In rkt, hooks are executed in the container environment. In runc, hooks
are executed outside of the container environment.
The example with setting up the network namespace in "prestart" suggests
that the command is generic and does not have to exist in the container
rootfs. So I assume the spec was meant to say hooks are executed outside
of the container environment.
Signed-off-by: Alban Crequy <[email protected]>
Copy file name to clipboardExpand all lines: config.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -375,6 +375,7 @@ For POSIX platforms, the configuration structure supports `hooks` for configurin
375
375
Entries in the array contain the following properties:
376
376
* **`path`** (string, REQUIRED) with similar semantics to [IEEE Std 1003.1-2008 `execv`'s *path*][ieee-1003.1-2008-functions-exec].
377
377
This specification extends the IEEE standard in that **`path`** MUST be absolute.
378
+
Runtimes MUST resolve this value in the [runtime namespace](glossary.md#runtime-namespace).
378
379
* **`args`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008 `execv`'s *argv*][ieee-1003.1-2008-functions-exec].
379
380
* **`env`** (array of strings, OPTIONAL) with the same semantics as [IEEE Std 1003.1-2008's `environ`][ieee-1003.1-2008-xbd-c8.1].
380
381
* **`timeout`** (int, OPTIONAL) is the number of seconds before aborting the hook.
@@ -386,6 +387,7 @@ For POSIX platforms, the configuration structure supports `hooks` for configurin
386
387
387
388
Hooks allow users to specify programs to run before or after various lifecycle events.
388
389
Hooks MUST be called in the listed order.
390
+
Hooks MUST be executed in the [runtime namespace](glossary.md#runtime-namespace).
389
391
The [state](runtime.md#state) of the container MUST be passed to hooks over stdin so that they may do work appropriate to the current state of the container.
0 commit comments