From 60fff3f51cc48dbdd903c52513fb96fd6dc277e0 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Wed, 3 Aug 2016 09:08:56 -0700 Subject: [PATCH 1/2] config-linux: Add (array, optional) for linux.devices To match the omitempty which the Go property has had since 28cc4239 (add omitempty to 'Device' and 'Namespace', 2016-03-10, #340). Signed-off-by: W. Trevor King --- config-linux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config-linux.md b/config-linux.md index 6555f526e..d4ba6324f 100644 --- a/config-linux.md +++ b/config-linux.md @@ -98,7 +98,7 @@ There is a limit of 5 mappings which is the Linux kernel hard limit. ## Devices -`devices` is an array specifying the list of devices that MUST be available in the container. +**`devices`** (array, optional) lists devices that MUST be available in the container. The runtime may supply them however it likes (with [mknod][mknod.2], by bind mounting from the runtime mount namespace, etc.). The following parameters can be specified: From 054d2df15ab571f839794e2c196cf69cc3966c8b Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Wed, 3 Aug 2016 09:11:53 -0700 Subject: [PATCH 2/2] config-linux: Make linux.resources.devices explicitly optional And mark it omitempty to avoid: $ ocitools generate --template <(echo '{"linux": {"resources": {}}}') | jq .linux { "resources": { "devices": null } } Signed-off-by: W. Trevor King --- config-linux.md | 2 +- specs-go/config.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config-linux.md b/config-linux.md index d4ba6324f..22a58b2e2 100644 --- a/config-linux.md +++ b/config-linux.md @@ -198,7 +198,7 @@ However, a runtime MAY attach the container process to additional cgroup control #### Device whitelist -`devices` is an array of entries to control the [device whitelist][cgroup-v1-devices]. +**`devices`** (array, optional) configures the [device whitelist][cgroup-v1-devices]. The runtime MUST apply entries in the listed order. The following parameters can be specified: diff --git a/specs-go/config.go b/specs-go/config.go index b2ac75eb4..4a1612264 100644 --- a/specs-go/config.go +++ b/specs-go/config.go @@ -301,8 +301,8 @@ type Network struct { // Resources has container runtime resource constraints type Resources struct { - // Devices are a list of device rules for the whitelist controller - Devices []DeviceCgroup `json:"devices"` + // Devices configures the device whitelist. + Devices []DeviceCgroup `json:"devices,omitempty"` // DisableOOMKiller disables the OOM killer for out of memory conditions DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` // Specify an oom_score_adj for the container.