Skip to content

Commit 977d7ba

Browse files
giuseppegiuseppe
committed
config.md: allow empty mappings for [r]idmap
crun currently allows to specify an empty mapping for [r]idmap, and to default to the mappings specified for the container user namespace. Change the specifications to allow such behavior. Signed-off-by: Giuseppe Scrivano <[email protected]>
1 parent 305605a commit 977d7ba

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

config.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -146,8 +146,8 @@ Runtimes MUST/SHOULD/MAY implement the following option strings for Linux:
146146
`sync` | MUST | [^1]
147147
`tmpcopyup` | MAY | copy up the contents to a tmpfs
148148
`unbindable` | MUST | [^2] (bind mounts)
149-
`idmap` | SHOULD | Indicates that the mount has `uidMappings` and `gidMappings` specified. This option SHOULD NOT be passed to the underlying [`mount(2)`][mount.2] call. If supported, the runtime MUST return an error if this option is provided and either of `uidMappings` or `gidMappings` are empty or not present.
150-
`ridmap` | SHOULD | Indicates that the mount has `uidMappings` and `gidMappings` specified, and the mapping is applied recursively [^3]. This option SHOULD NOT be passed to the underlying [`mount(2)`][mount.2] call. If supported, the runtime MUST return an error if this option is provided and either of `uidMappings` or `gidMappings` are empty or not present.
149+
`idmap` | SHOULD | Indicates that the mount must have an idmapping applied. This option SHOULD NOT be passed to the underlying [`mount(2)`][mount.2] call. If `uidMappings` or `gidMappings` are not specified, the runtime MAY use the container's user namespace mapping. If there are no `uidMappings` and `gidMappings` specified and the container isn't using user namespaces, an error MUST be returned.
150+
`ridmap` | SHOULD | Indicates that the mount must have an idmapping applied, and the mapping is applied recursively [^3]. This option SHOULD NOT be passed to the underlying [`mount(2)`][mount.2] call. If `uidMappings` or `gidMappings` are not specified, the runtime MAY use the container's user namespace mapping. If there are no `uidMappings` and `gidMappings` specified and the container isn't using user namespaces, an error MUST be returned.
151151

152152
[^1]: Corresponds to [`mount(8)` (filesystem-independent)][mount.8-filesystem-independent].
153153
[^2]: Corresponds to [`mount(8)` (filesystem-specific)][mount.8-filesystem-specific].

0 commit comments

Comments
 (0)