You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
runtime: lifecycle: environment must match config.json
Make it clear that if a runtime cannot set up an environment that
*precisely* matches the config.json provided, it must generate an error.
This is important because not doing this can cause security issues.
Signed-off-by: Aleksa Sarai <[email protected]>
Copy file name to clipboardExpand all lines: runtime.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,6 +34,7 @@ See [Query State](#query-state) for information on retrieving the state of a con
34
34
The lifecycle describes the timeline of events that happen from when a container is created to when it ceases to exist.
35
35
1. OCI compliant runtime's `create` command is invoked with a reference to the location of the bundle and a unique identifier.
36
36
2. The container's runtime environment MUST be created according to the configuration in [`config.json`](config.md).
37
+
If the runtime is unable to create the environment specified in the [`config.json`](config.md), it MUST generate an error.
37
38
While the resources requested in the [`config.json`](config.md) MUST be created, the user-specified code (from [`process`](config.md#process-configuration) MUST NOT be run at this time.
38
39
Any updates to `config.json` after this step MUST NOT affect the container.
39
40
3. Once the container is created additional actions MAY be performed based on the features the runtime chooses to support.
0 commit comments