OCI Personal Notes (2)

Original https://github.com/opencontainers/runtime-spec/blob/main/config.md#mounts

The configuration file (config.json) defines the metadata a runtime needs to implement the standard container operations: the process to start, the environment variables to inject, the sandboxing features to apply (namespaces, capabilities, resource limits), and so on.

The canonical schema is the spec document itself, but a JSON Schema is provided in schema/config-schema.json and Go bindings in specs-go/config.go. Platform-specific configuration is defined in the platform-specific chapters. For properties that only apply to some platforms, the Go struct fields carry a platform tag listing the applicable platforms, e.g. platform:"linux,solaris".
The fields are defined as follows.

Specification version

ociVersion (string, REQUIRED) MUST be in SemVer v2.0.0 format and states the version of the OCI Runtime Specification the bundle complies with. The specification keeps forward and backward compatibility within a major version: a configuration that complies with 1.1 is compatible with every runtime supporting 1.1 or a later 1.x release, but not with a runtime that supports only 1.0.
For example

"ociVersion": "0.1.0"

Root

root (object, OPTIONAL) specifies the container's root filesystem. On Windows it is REQUIRED for Windows Server Containers and MUST NOT be set for Hyper-V Containers. On all other platforms it is REQUIRED.

  • path (string, REQUIRED) the path to the container's root filesystem.
    • A directory MUST exist at this path.
    • On Windows, path MUST be a volume GUID path.
    • On POSIX platforms, path is either an absolute path or a path relative to the bundle directory; the conventional value is rootfs.
  • readonly (bool, OPTIONAL) if true, the root filesystem MUST be read-only inside the container; defaults to false.
    • On Windows this field MUST be omitted or false.

Such as (POSIX platforms)

"root": {
    "path": "rootfs",
    "readonly": true
}

such as (Windows)

"root": {
    "path": "\\\\?\\Volume{ec84d99e-3f02-11e7-ac6c-00155d7682cf}\\"
}

Mounts

mounts (array of objects, OPTIONAL) specifies additional mounts beyond root. The runtime MUST mount the entries in the listed order. For Linux the parameters are those documented in the mount(2) man page; for Solaris a mount entry corresponds to the fs resource in the zonecfg(1M) man page.

  • destination (string, REQUIRED) the mount point inside the container; MUST be an absolute path. On Windows, one mount destination MUST NOT be nested within another mount.
  • source (string, OPTIONAL) a device name, or a file or directory name for a bind mount or a dummy. Bind-mount paths are either absolute or relative to the bundle.
  • options (array of strings, OPTIONAL) mount options for the filesystem.

For example (Windows)

"mounts": [
    {
        "destination": "C:\\folder-inside-container",
        "source": "C:\\folder-on-host",
        "options": ["ro"]
    }
]

POSIX-platform mounts

  • type (string, OPTIONAL) the filesystem type to mount, e.g. ext2, tmpfs or proc; for bind mounts (options contain bind or rbind) the type is a dummy, often none.
  • uidMappings (array of LinuxIDMapping, OPTIONAL, Linux) maps UIDs from the source filesystem to the destination mount point.
  • gidMappings (array of LinuxIDMapping, OPTIONAL, Linux) maps GIDs from the source filesystem to the destination mount point.

For example (Linux)

"mounts": [
    {
        "destination": "/tmp",
        "type": "tmpfs",
        "source": "tmpfs",
        "options": ["nosuid","strictatime","mode=755","size=65536k"]
    },
    {
        "destination": "/data",
        "type": "none",
        "source": "/volumes/testing",
        "options": ["rbind","rw"]
    }
]
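The ociVersion, root and mounts rules above are the kind of thing a runtime (or a pre-admission linter) has to check before it ever touches the host. The checker below is an added example written for these notes; it is not code from the OCI spec or from any runtime. The spec rules it enforces are marked as such in the comments; the "warn" findings (writable bind mounts, tmpfs without nosuid/nodev, a root path resolving outside the bundle, a writable rootfs) are a hypothetical local hardening policy, not spec requirements, and the config it runs on is constructed here (the spec's Linux mounts example plus one deliberately bad entry).

```python
"""Added example: lint the ociVersion, root and mounts fields of a config.json.
Not part of the OCI spec or any runtime; "warn" items are a local policy assumption."""
import json
import os
import re
import shutil
import tempfile

# SemVer v2.0.0: MAJOR.MINOR.PATCH with optional pre-release and build suffixes
SEMVER_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")


def version_compatible(config_version, runtime_version):
    """Spec rule: compatibility is kept within a major version, so a config is
    usable by a runtime of the same major that supports at least the config's
    minor (a 1.1 config works on a 1.1 or 1.2 runtime, not on a 1.0-only one)."""
    c = SEMVER_RE.match(config_version)
    r = SEMVER_RE.match(runtime_version)
    if not c or not r:
        return False
    return int(c.group(1)) == int(r.group(1)) and int(r.group(2)) >= int(c.group(2))


def check_bundle(config, bundle_dir, runtime_version="1.1.0"):
    """Return [(severity, message)]: 'error' for spec violations,
    'warn' for the hypothetical hardening policy (an assumption, not spec)."""
    findings = []
    ver = config.get("ociVersion")
    if not isinstance(ver, str) or not SEMVER_RE.match(ver):
        findings.append(("error", "ociVersion is REQUIRED and MUST be SemVer v2.0.0"))
    elif not version_compatible(ver, runtime_version):
        findings.append(("error", f"ociVersion {ver} is not supported by runtime {runtime_version}"))

    root = config.get("root")
    if root is None:
        findings.append(("error", "root is REQUIRED on POSIX platforms"))
    else:
        path = root.get("path")
        if not path:
            findings.append(("error", "root.path is REQUIRED"))
        else:
            # Spec: a relative path is resolved against the bundle directory and
            # a directory MUST exist there.
            bundle_real = os.path.realpath(bundle_dir)
            resolved = os.path.realpath(os.path.join(bundle_real, path))
            if not os.path.isdir(resolved):
                findings.append(("error", f"root.path {path!r}: no such directory"))
            # Policy: a rootfs escaping the bundle (e.g. "../../") is a traversal smell.
            if os.path.commonpath([resolved, bundle_real]) != bundle_real:
                findings.append(("warn", f"root.path {path!r} resolves outside the bundle"))
        if not root.get("readonly", False):
            findings.append(("warn", "root.readonly is false; a read-only rootfs is cheap hardening"))

    for i, m in enumerate(config.get("mounts", [])):
        dest = m.get("destination", "")
        if not dest.startswith("/"):  # spec: destination MUST be absolute
            findings.append(("error", f"mounts[{i}].destination {dest!r} must be an absolute path"))
        opts = set(m.get("options", []))
        if opts & {"bind", "rbind"} and "ro" not in opts:
            findings.append(("warn", f"mounts[{i}]: writable bind mount of host path {m.get('source')!r}"))
        if m.get("type") == "tmpfs" and not {"nosuid", "nodev"} <= opts:
            findings.append(("warn", f"mounts[{i}]: tmpfs at {dest} without nosuid,nodev"))
    return findings


def demo():
    """Run the checker on a constructed config inside a throwaway bundle that
    really contains a rootfs directory, so the existence check is exercised."""
    bundle = tempfile.mkdtemp(prefix="oci-bundle-")
    try:
        os.mkdir(os.path.join(bundle, "rootfs"))
        config = json.loads("""{
          "ociVersion": "1.1.0",
          "root": {"path": "rootfs", "readonly": true},
          "mounts": [
            {"destination": "/tmp", "type": "tmpfs", "source": "tmpfs",
             "options": ["nosuid", "strictatime", "mode=755", "size=65536k"]},
            {"destination": "/data", "type": "none", "source": "/volumes/testing",
             "options": ["rbind", "rw"]},
            {"destination": "logs", "type": "none", "source": "/var/log",
             "options": ["rbind", "ro"]}
          ]
        }""")
        return check_bundle(config, bundle)
    finally:
        shutil.rmtree(bundle, ignore_errors=True)


if __name__ == "__main__":
    for severity, message in demo():
        print(f"{severity}: {message}")
```

On the constructed config this reports one spec error (the relative destination "logs") and two policy warnings (the rbind,rw mount of /volumes/testing and the tmpfs lacking nodev); the spec's own /tmp entry is otherwise fine.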

process

process (object, OPTIONAL) specifies the container process. It is REQUIRED when start is called.

  • terminal (bool, OPTIONAL) whether a terminal is attached to the process; defaults to false.
  • consoleSize (object, OPTIONAL) the console size of the terminal, in characters. The runtime MUST ignore it if terminal is false or unset.
    • height (uint, REQUIRED)
    • width (uint, REQUIRED)
  • cwd (string, REQUIRED) the working directory set for the executable; MUST be an absolute path.
  • env (array of strings, OPTIONAL) environment variables, with the same semantics as environ in IEEE Std 1003.1-2008.
  • args (array of strings, OPTIONAL) arguments with the semantics of execvp's argv; on non-Windows platforms at least one entry is REQUIRED and the first entry is used as execvp's file. MUST be set if commandLine is not set.
  • commandLine (string, OPTIONAL) the full command line to execute on Windows, preferred over args there. If omitted, the runtime escapes and concatenates args before making the system call.

POSIX process

  • rlimits (array of objects, OPTIONAL) resource limits for the process. Each entry has:
    • type (string, REQUIRED) the resource being limited. On Linux, valid values are listed in the getrlimit(2) man page, such as RLIMIT_MSGQUEUE; on Solaris, in the getrlimit(3) man page, such as RLIMIT_CORE. The runtime MUST generate an error for any value that cannot be mapped to a kernel interface, and for duplicated entries of the same type.
    • soft (uint64, REQUIRED) the limit enforced for the resource (rlim_cur).
    • hard (uint64, REQUIRED) the ceiling up to which an unprivileged process may raise the soft limit (rlim_max). Only a privileged process (e.g. one with CAP_SYS_RESOURCE) can raise a hard limit.

Linux process

  • apparmorProfile (string, OPTIONAL) the name of the AppArmor profile for the process; see the AppArmor documentation.
  • capabilities (object, OPTIONAL) arrays naming the capability sets for the process, with values from capabilities(7) such as CAP_CHOWN. A value that cannot be mapped or granted MUST be logged as a warning, and the runtime SHOULD NOT fail if the configuration asks for more capabilities than it can grant (e.g. when it runs in a restricted environment).
    • effective
    • bounding
    • inheritable
    • permitted
    • ambient
  • noNewPrivileges (bool, OPTIONAL) when true, prevents the process from gaining additional privileges (e.g. through setuid binaries); on Linux this is implemented with the no_new_privs prctl.
  • oomScoreAdj (int, OPTIONAL) adjusts /proc/[pid]/oom_score_adj for the process. If set, the runtime MUST write the given value; if unset, it MUST NOT change it.
  • selinuxLabel (string, OPTIONAL) the SELinux label for the process.

user

user (object, REQUIRED) specifies which user the process runs as; the structure is platform-specific.

POSIX

The user object contains

  • uid (int, REQUIRED) the user ID
  • gid (int, REQUIRED) the group ID
  • umask (int, OPTIONAL) the umask of the user; if unspecified, the calling process's umask is left unchanged
  • additionalGids (array of ints, OPTIONAL) additional group IDs to add to the process

Windows

  • username (string, OPTIONAL) the user name for the process
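The process, rlimits, capabilities and user sections above each carry rules a runtime must enforce and a few settings that decide how much an escaped process can do. The checker below is an added example for these notes, not code from the spec or from a runtime. It implements the spec rules (consoleSize ignored without a terminal, absolute cwd, non-empty args, no duplicate rlimit types) plus two kernel invariants from capabilities(7) (effective must be a subset of permitted; ambient must be in both permitted and inheritable) and the setrlimit(2) constraint that soft may not exceed hard. The DANGEROUS_CAPS list and the "warn" findings (noNewPrivileges unset, uid 0) are a hypothetical hardening policy, and the sample process is constructed here.

```python
"""Added example: lint the process section of a Linux config.json.
Not part of the OCI spec or any runtime; "warn" items are a local policy assumption."""

# Hypothetical policy (not spec): capabilities that, combined with any kernel
# or mount weakness, give a container process host-root-equivalent reach.
DANGEROUS_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
                  "CAP_SYS_RAWIO", "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH"}

CAP_SETS = ("effective", "bounding", "inheritable", "permitted", "ambient")


def effective_console_size(process):
    """Spec rule: consoleSize MUST be ignored when terminal is false or unset."""
    if not process.get("terminal", False):
        return None
    size = process.get("consoleSize")
    return None if size is None else (size["height"], size["width"])


def check_process(process):
    """Return [(severity, message)]: 'error' for spec/kernel violations,
    'warn' for the hypothetical hardening policy."""
    findings = []
    cwd = process.get("cwd")
    if not isinstance(cwd, str) or not cwd.startswith("/"):
        findings.append(("error", "cwd is REQUIRED and MUST be an absolute path"))
    if not process.get("args"):
        findings.append(("error", "args needs at least one entry on POSIX platforms"))

    # Spec: duplicate rlimit types are an error. Kernel: setrlimit(2) returns
    # EINVAL when the soft limit is higher than the hard limit.
    seen = set()
    for rl in process.get("rlimits", []):
        t = rl.get("type", "")
        if t in seen:
            findings.append(("error", f"rlimits: duplicate entry for {t}"))
        seen.add(t)
        if not t.startswith("RLIMIT_"):
            findings.append(("error", f"rlimits: unknown type {t!r}"))
        if rl.get("soft", 0) > rl.get("hard", 0):
            findings.append(("error", f"rlimits: {t} soft limit exceeds hard limit"))

    caps = process.get("capabilities", {})
    sets = {k: set(caps.get(k, [])) for k in CAP_SETS}
    # Kernel invariants from capabilities(7): effective <= permitted and
    # ambient <= permitted & inheritable; a runtime cannot apply sets that break them.
    if not sets["effective"] <= sets["permitted"]:
        findings.append(("error", "capabilities: effective set is not a subset of permitted"))
    if not sets["ambient"] <= (sets["permitted"] & sets["inheritable"]):
        findings.append(("error", "capabilities: ambient caps must be in both permitted and inheritable"))
    for cap in sorted(DANGEROUS_CAPS & (sets["bounding"] | sets["permitted"])):
        findings.append(("warn", f"capabilities: {cap} granted (policy)"))

    if process.get("noNewPrivileges") is not True:
        findings.append(("warn", "noNewPrivileges is not true; setuid binaries can still gain privileges"))
    oom = process.get("oomScoreAdj")
    if oom is not None and not -1000 <= oom <= 1000:
        findings.append(("error", f"oomScoreAdj {oom} is outside the kernel's [-1000, 1000] range"))
    if process.get("user", {}).get("uid") == 0:
        findings.append(("warn", "process runs as uid 0 inside the container (policy)"))
    return findings


# Constructed sample, loosely modelled on the spec's example config; it carries
# a duplicated RLIMIT_NOFILE, an inverted soft/hard pair, an ambient capability
# missing from inheritable, and CAP_SYS_ADMIN in the bounding set.
SAMPLE_PROCESS = {
    "terminal": True,
    "consoleSize": {"height": 25, "width": 80},
    "user": {"uid": 1000, "gid": 1000, "umask": 63, "additionalGids": [5, 6]},
    "args": ["sh"],
    "env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm"],
    "cwd": "/",
    "capabilities": {
        "bounding": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"],
        "permitted": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
        "inheritable": ["CAP_AUDIT_WRITE", "CAP_KILL"],
        "effective": ["CAP_AUDIT_WRITE", "CAP_KILL"],
        "ambient": ["CAP_NET_BIND_SERVICE"],
    },
    "rlimits": [
        {"type": "RLIMIT_NOFILE", "hard": 1024, "soft": 1024},
        {"type": "RLIMIT_NOFILE", "hard": 2048, "soft": 4096},
    ],
    "noNewPrivileges": True,
    "oomScoreAdj": 100,
}

if __name__ == "__main__":
    print("console:", effective_console_size(SAMPLE_PROCESS))
    for severity, message in check_process(SAMPLE_PROCESS):
        print(f"{severity}: {message}")
```

On the sample this yields three errors (duplicate RLIMIT_NOFILE, soft 4096 above hard 2048, CAP_NET_BIND_SERVICE ambient but not inheritable) and one policy warning for CAP_SYS_ADMIN in the bounding set; flipping terminal to false makes the console size report None even though consoleSize is present.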

Hostname

hostname (string, OPTIONAL) the container's hostname as seen by processes running inside the container. On Linux this changes the hostname in the container's UTS namespace; depending on the namespace configuration, that may be the runtime's own UTS namespace.

Platform-specific configuration

  • linux (object, OPTIONAL) Linux-specific configuration. This MAY be set if the target platform of this spec is linux.
  • windows (object, OPTIONAL) Windows-specific configuration. This MUST be set if the target platform of this spec is windows.
  • solaris (object, OPTIONAL) Solaris-specific configuration. This MAY be set if the target platform of this spec is solaris.
  • vm (object, OPTIONAL) Virtual-machine-specific configuration. This MAY be set if the target platform and architecture of this spec support hardware virtualization.
  • zos (object, OPTIONAL) z/OS-specific configuration. This MAY be set if the target platform of this spec is zos.

Other related notes https://blog.csdn.net/oe1019/article/details/123755547

Origin blog.csdn.net/oe1019/article/details/125569461