config: Make default Linux filesystems an example

wking · wking · commit 235610dd3bd7 · 2017-02-03T11:50:04.000-08:00
The MUST default-filesystem wording altered in 279c3c0 (linux: relax filesystem requirements for container, 2017-01-23, opencontainers#666) had read (to me, anyway) as: The runtime MUST supply these even if the config doesn't call for them in mounts. with 279c3c0 weaking it to: The runtime SHOULD supply these even if the config doesn't call for them in mounts. But that's not very useful (callers that *need* a given mount will still have to configure it explicitly). However, one interpretation of the 279c3c0 wording seems to be something like [1]: Config authors probably want to include mounts entries for these. That's fine, and this commit tries to make that interpretation more obvious by shifting the config recommendation over to the Linux 'mounts' example. The values I'm using are straight from [2]. [1]: opencontainers#666 (comment) [2]: opencontainers/runtime-tools#24 Signed-off-by: W. Trevor King <wking@tremily.us>
diff --git a/config-linux.md b/config-linux.md
@@ -3,20 +3,6 @@
 This document describes the schema for the [Linux-specific section](config.md#platform-specific-configuration) of the [container configuration](config.md).
 The Linux container specification uses various kernel features like namespaces, cgroups, capabilities, LSM, and filesystem jails to fulfill the spec.
 
-## Default Filesystems
-
-The Linux ABI includes both syscalls and several special file paths.
-Applications expecting a Linux environment will very likely expect these file paths to be setup correctly.
-
-The following filesystems SHOULD be made available in each container's filesystem:
-
-|   Path   |  Type  |
-| -------- | ------ |
-| /proc    | [procfs](https://www.kernel.org/doc/Documentation/filesystems/proc.txt)   |
-| /sys     | [sysfs](https://www.kernel.org/doc/Documentation/filesystems/sysfs.txt)   |
-| /dev/pts | [devpts](https://www.kernel.org/doc/Documentation/filesystems/devpts.txt) |
-| /dev/shm | [tmpfs](https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt)   |
-
 ## Namespaces
 
 A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
diff --git a/config.md b/config.md
@@ -63,19 +63,48 @@ For Solaris, the mounts corresponds to fs resource in zonecfg(8).
 
 ### Example (Linux)
 
+## Common Linux Filesystems
+
+The Linux ABI includes both syscalls and several special file paths.
+Applications expecting a Linux environment will very likely expect these file paths to be setup correctly.
+Configuration authors interested in providing common filesystems can consider entries like:
+
 ```json
 "mounts": [
     {
-        "destination": "/tmp",
+        "destination": "/proc",
+        "type": "proc",
+        "source": "proc"
+    },
+    {
+        "destination": "/dev",
         "type": "tmpfs",
         "source": "tmpfs",
-        "options": ["nosuid","strictatime","mode=755","size=65536k"]
+        "options": ["nosuid", "strictatime", "mode=755", "size=65536k"]
+    },
+    {
+        "destination": "/dev/pts",
+        "type": "devpts",
+        "source": "devpts",
+        "options": ["nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"]
+    },
+    {
+        "destination": "/dev/shm",
+        "type": "tmpfs",
+        "source": "shm",
+        "options": ["nosuid", "noexec", "nodev", "mode=1777", "size=65536k"]
+    },
+    {
+        "destination": "/dev/mqueue",
+        "type": "mqueue",
+        "source": "mqueue",
+        "options": ["nosuid", "noexec", "nodev"]
     },
     {
-        "destination": "/data",
-        "type": "bind",
-        "source": "/volumes/testing",
-        "options": ["rbind","rw"]
+        "destination": "/sys",
+        "type": "sysfs",
+        "source": "sysfs",
+        "options": ["nosuid", "noexec", "nodev", "ro"]
     }
 ]
 ```
