Closed AkihiroSuda closed 10 months ago
I like this idea, though I think runtimes should opt for listing the precise annotations they consider unsafe rather than specifying namespaces (after all, the runtime should know which annotations they support and what they do). But the format should probably support specifying namespaces in cases where the runtime really wants to indicate a whole namespace is unsafe.
PR:
> I like this idea, though I think runtimes should opt for listing the precise annotations they consider unsafe rather than specifying namespaces (after all, the runtime should know which annotations they support and what they do). But the format should probably support specifying namespaces in cases where the runtime really wants to indicate a whole namespace is unsafe.
Yes. Actually, a precise annotation string is also valid as a "prefix".
https://github.com/opencontainers/runtime-spec/blob/main/features.md should return the list of unsafe annotations. (“org.systemd.”, “run.oci.”, etc.)