config: Explicitly list process.user as required

wking · wking · commit f025239e7326 · 2016-06-05T00:01:24.000-07:00
Linux and Solaris both use the same POSIX-based structure (which I've moved to defs-linux.json). Windows likely needs a string-based structure, but we're punting on that until we have more feedback from the Windows folks [1]. Regardless of whether we have a Windows user structure yet, the maintainer consensus is that the property is required [2,3,4]. [1]: opencontainers#96 (comment) [2]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/2016/opencontainers.2016-05-04-17.00.log.html#l-44 [3]: opencontainers#417 (comment) [4]: opencontainers#417 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
diff --git a/config.md b/config.md
@@ -99,6 +99,8 @@ See links for details about [mountvol](http://ss64.com/nt/mountvol.html) and [Se
   * **`args`** (array of strings, optional) executable to launch and any flags as an array.
     The executable is the first element and MUST be available at the given path inside of the rootfs.
     If the executable path is not an absolute path then the search $PATH is interpreted to find the executable.
+  * **`user`** (object, required) the process user.
+    The properties for this object are [platform dependent](#user).
 
   For Linux-based systems the process structure supports the following process specific fields:
 
diff --git a/schema/defs-linux.json b/schema/defs-linux.json
@@ -1,5 +1,23 @@
 {
     "definitions": {
+        "user": {
+            "type": "object",
+            "properties": {
+                "uid": {
+                    "$ref": "defs.json#/definitions/UID"
+                },
+                "gid": {
+                    "$ref": "defs.json#/definitions/GID"
+                },
+                "additionalGids": {
+                    "$ref": "defs.json#/definitions/ArrayOfGIDs"
+                }
+            },
+           "required": [
+               "uid",
+               "gid"
+           ]
+        },
         "SeccompArch": {
             "type": "string",
             "enum": [
diff --git a/schema/schema.json b/schema/schema.json
@@ -83,7 +83,8 @@
             "id": "https://opencontainers.org/schema/bundle/process",
             "type": "object",
             "required": [
-                "cwd"
+                "cwd",
+                "user"
             ],
             "properties": {
                 "args": {
@@ -104,21 +105,11 @@
                 },
                 "user": {
                     "id": "https://opencontainers.org/schema/bundle/process/user",
-                    "type": "object",
-                    "properties": {
-                        "uid": {
-                            "id": "https://opencontainers.org/schema/bundle/process/user/uid",
-                            "$ref": "defs.json#/definitions/UID"
-                        },
-                        "gid": {
-                            "id": "https://opencontainers.org/schema/bundle/process/user/gid",
-                            "$ref": "defs.json#/definitions/GID"
-                        },
-                        "additionalGids": {
-                            "id": "https://opencontainers.org/schema/bundle/process/user/additionalGids",
-                            "$ref": "defs.json#/definitions/ArrayOfGIDs"
+                    "oneOf": [
+                        {
+                            "$ref": "defs-linux.json#/definitions/user"
                         }
-                    }
+                    ]
                 },
                 "capabilities": {
                     "id": "https://opencontainers.org/schema/bundle/process/linux/capabilities",
