runtime: Clarify UTS and mount cleanup on 'delete'

Now that d43fc42 (config-linux: Lift no-tweaking namespace
restriction, 2017-01-11, opencontainers#649) allows us to get into this sort of
situation.  This sort of ownership may also apply to other resources
(cgroups?), but we can handle them in follow-up commits.

Also drop "Configuration" from the root header.  Everything in that
file is a configuration.

container-namespace3 (instead of container-namespace) supports the
single-page, Pandoc-generated file (see e7be40f, Cleanup the spec a
bit to remove WG/git text that's not really part of the spec,
2016-11-14, opencontainers#626).

Signed-off-by: W. Trevor King <[email protected]>

Author: wking

config.md

@@ -20,7 +20,7 @@ For example, if a configuration is compliant with version 1.1 of this specificat
     "ociVersion": "0.1.0"
 ```
 
-## Root Configuration
+## Root
 
 **`root`** (object, REQUIRED) configures the container's root filesystem.
 
@@ -41,7 +41,7 @@ For example, if a configuration is compliant with version 1.1 of this specificat
 
 ## Mounts
 
-**`mounts`** (array, OPTIONAL) configures additional mounts (on top of [`root`](#root-configuration)).
+**`mounts`** (array, OPTIONAL) configures additional mounts (on top of [`root`](#root)).
 The runtime MUST mount entries in the listed order.
 The parameters are similar to the ones in [the Linux mount system call](http://man7.org/linux/man-pages/man2/mount.2.html).
 For Solaris, the mounts corresponds to fs resource in zonecfg(8).

runtime.md

@@ -121,11 +121,17 @@ When the process in the container is stopped, irrespective of it being as a resu
 This operation MUST generate an error if it is not provided the container ID.
 Attempting to delete a container that does not exist MUST generate an error.
 Attempting to delete a container whose process is still running MUST generate an error.
-Deleting a container MUST delete the resources that were created during the `create` step.
-Note that resources associated with the container, but not created by this container, MUST NOT be deleted.
 Once a container is deleted its ID MAY be used by a subsequent container.
 
+Deleting a container MUST delete the resources that were created during the `create` step.
+Resources associated with the container, but not created by this container, MUST NOT be deleted.
+
+On Linux, [`mounts`](config.md#mounts), [`root`](config.md#root), [`linux.devices`](config-linux.md#devices), and other filesystem changes belong to the container which created the [container mount namespace][container-namespace3].
+If a container joins an existing mount namespace and applies those settings, deleting the container MUST NOT reverted the settings.
+Similarly [`hostname`](config.md#hostname) changes belong to the container which created the container UTS namespace.
 
 ## Hooks
 Many of the operations specified in this specification have "hooks" that allow for additional actions to be taken before or after each operation.
 See [runtime configuration for hooks](./config.md#hooks) for more information.
+
+[container-namespace3]: glossary.md#container-namespace