Add comments for oci protos

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-07-18 13:39:51 -04:00 · 2018-07-18 13:39:51 -04:00 · d53a96fbe4
commit d53a96fbe4
parent 026b7d922f
3 changed files with 113 additions and 313 deletions
--- a/runtime/v2/README.md
+++ b/runtime/v2/README.md
@ -146,6 +146,11 @@ Shims are also responsible for unmounting of the filesystem.
 During a `delete` binary call, the shim MUST ensure that filesystem is also unmounted.
 Filesystems are provided by the containerd snapshotters.
 ### Events
 The shim MUST publish a `runtime.TaskExitEventTopic` when the container exits.
 If the shim collects Out of Memory events, it SHOULD also publish a `runtime.TaskOOMEventTopic`.
 ### Other
 #### Unsupported rpcs
--- a/runtime/v2/runc/options/oci.pb.go
+++ b/runtime/v2/runc/options/oci.pb.go
@ -37,21 +37,24 @@ var _ = math.Inf
 const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 type Options struct {
-	NoPivotRoot         bool     `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"`
+	// disable pivot root when creating a container
-	OpenTcp             bool     `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
+	NoPivotRoot bool `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"`
-	ExternalUnixSockets bool     `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
+	// create a new keyring for the container
-	Terminal            bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	NoNewKeyring bool `protobuf:"varint,2,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"`
-	FileLocks           bool     `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
+	// place the shim in a cgroup
-	EmptyNamespaces     []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"`
+	ShimCgroup string `protobuf:"bytes,3,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"`
-	CgroupsMode         string   `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
+	// set the I/O's pipes uid
-	NoNewKeyring        bool     `protobuf:"varint,8,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"`
+	IoUid uint32 `protobuf:"varint,4,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"`
-	ShimCgroup          string   `protobuf:"bytes,9,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"`
+	// set the I/O's pipes gid
-	IoUid               uint32   `protobuf:"varint,10,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"`
+	IoGid uint32 `protobuf:"varint,5,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"`
-	IoGid               uint32   `protobuf:"varint,11,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"`
+	// binary name of the runc binary
-	BinaryName          string   `protobuf:"bytes,12,opt,name=binary_name,json=binaryName,proto3" json:"binary_name,omitempty"`
+	BinaryName string `protobuf:"bytes,6,opt,name=binary_name,json=binaryName,proto3" json:"binary_name,omitempty"`
-	Root                string   `protobuf:"bytes,13,opt,name=root,proto3" json:"root,omitempty"`
+	// runc root directory
-	CriuPath            string   `protobuf:"bytes,14,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
+	Root string `protobuf:"bytes,7,opt,name=root,proto3" json:"root,omitempty"`
-	SystemdCgroup       bool     `protobuf:"varint,15,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
+	// criu binary path
 	CriuPath string `protobuf:"bytes,8,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"`
 	// enable systemd cgroups
 	SystemdCgroup bool `protobuf:"varint,9,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"`
 }
 func (m *Options) Reset()                    { *m = Options{} }
@ -59,13 +62,20 @@ func (*Options) ProtoMessage()               {}
 func (*Options) Descriptor() ([]byte, []int) { return fileDescriptorOci, []int{0} }
 type CheckpointOptions struct {
-	Exit                bool     `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"`
+	// exit the container after a checkpoint
-	OpenTcp             bool     `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
+	Exit bool `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"`
-	ExternalUnixSockets bool     `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
+	// checkpoint open tcp connections
-	Terminal            bool     `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
+	OpenTcp bool `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"`
-	FileLocks           bool     `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
+	// checkpoint external unix sockets
-	EmptyNamespaces     []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"`
+	ExternalUnixSockets bool `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"`
-	CgroupsMode         string   `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
+	// checkpoint terminals (ptys)
 	Terminal bool `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"`
 	// allow checkpointing of file locks
 	FileLocks bool `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"`
 	// restore provided namespaces as empty namespaces
 	EmptyNamespaces []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"`
 	// set the cgroups mode, soft, full, strict
 	CgroupsMode string `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"`
 }
 func (m *CheckpointOptions) Reset()                    { *m = CheckpointOptions{} }
@ -73,6 +83,7 @@ func (*CheckpointOptions) ProtoMessage()               {}
 func (*CheckpointOptions) Descriptor() ([]byte, []int) { return fileDescriptorOci, []int{1} }
 type ProcessDetails struct {
 	// exec process id if the process is managed by a shim
 	ExecID string `protobuf:"bytes,1,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"`
 }
@ -110,69 +121,8 @@ func (m *Options) MarshalTo(dAtA []byte) (int, error) {
 		}
 		i++
 	}
 	if m.OpenTcp {
 		dAtA[i] = 0x10
 		i++
 		if m.OpenTcp {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i++
 	}
 	if m.ExternalUnixSockets {
 		dAtA[i] = 0x18
 		i++
 		if m.ExternalUnixSockets {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i++
 	}
 	if m.Terminal {
 		dAtA[i] = 0x20
 		i++
 		if m.Terminal {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i++
 	}
 	if m.FileLocks {
 		dAtA[i] = 0x28
 		i++
 		if m.FileLocks {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i++
 	}
 	if len(m.EmptyNamespaces) > 0 {
 		for _, s := range m.EmptyNamespaces {
 			dAtA[i] = 0x32
 			i++
 			l = len(s)
 			for l >= 1<<7 {
 				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
 				l >>= 7
 				i++
 			}
 			dAtA[i] = uint8(l)
 			i++
 			i += copy(dAtA[i:], s)
 		}
 	}
 	if len(m.CgroupsMode) > 0 {
 		dAtA[i] = 0x3a
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(len(m.CgroupsMode)))
 		i += copy(dAtA[i:], m.CgroupsMode)
 	}
 	if m.NoNewKeyring {
-		dAtA[i] = 0x40
+		dAtA[i] = 0x10
 		i++
 		if m.NoNewKeyring {
 			dAtA[i] = 1
@ -182,41 +132,41 @@ func (m *Options) MarshalTo(dAtA []byte) (int, error) {
 		i++
 	}
 	if len(m.ShimCgroup) > 0 {
-		dAtA[i] = 0x4a
+		dAtA[i] = 0x1a
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(len(m.ShimCgroup)))
 		i += copy(dAtA[i:], m.ShimCgroup)
 	}
 	if m.IoUid != 0 {
-		dAtA[i] = 0x50
+		dAtA[i] = 0x20
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(m.IoUid))
 	}
 	if m.IoGid != 0 {
-		dAtA[i] = 0x58
+		dAtA[i] = 0x28
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(m.IoGid))
 	}
 	if len(m.BinaryName) > 0 {
-		dAtA[i] = 0x62
+		dAtA[i] = 0x32
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(len(m.BinaryName)))
 		i += copy(dAtA[i:], m.BinaryName)
 	}
 	if len(m.Root) > 0 {
-		dAtA[i] = 0x6a
+		dAtA[i] = 0x3a
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(len(m.Root)))
 		i += copy(dAtA[i:], m.Root)
 	}
 	if len(m.CriuPath) > 0 {
-		dAtA[i] = 0x72
+		dAtA[i] = 0x42
 		i++
 		i = encodeVarintOci(dAtA, i, uint64(len(m.CriuPath)))
 		i += copy(dAtA[i:], m.CriuPath)
 	}
 	if m.SystemdCgroup {
-		dAtA[i] = 0x78
+		dAtA[i] = 0x48
 		i++
 		if m.SystemdCgroup {
 			dAtA[i] = 1
@ -356,28 +306,6 @@ func (m *Options) Size() (n int) {
 	if m.NoPivotRoot {
 		n += 2
 	}
 	if m.OpenTcp {
 		n += 2
 	}
 	if m.ExternalUnixSockets {
 		n += 2
 	}
 	if m.Terminal {
 		n += 2
 	}
 	if m.FileLocks {
 		n += 2
 	}
 	if len(m.EmptyNamespaces) > 0 {
 		for _, s := range m.EmptyNamespaces {
 			l = len(s)
 			n += 1 + l + sovOci(uint64(l))
 		}
 	}
 	l = len(m.CgroupsMode)
 	if l > 0 {
 		n += 1 + l + sovOci(uint64(l))
 	}
 	if m.NoNewKeyring {
 		n += 2
 	}
@ -469,12 +397,6 @@ func (this *Options) String() string {
 	}
 	s := strings.Join([]string{`&Options{`,
 		`NoPivotRoot:` + fmt.Sprintf("%v", this.NoPivotRoot) + `,`,
 		`OpenTcp:` + fmt.Sprintf("%v", this.OpenTcp) + `,`,
 		`ExternalUnixSockets:` + fmt.Sprintf("%v", this.ExternalUnixSockets) + `,`,
 		`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
 		`FileLocks:` + fmt.Sprintf("%v", this.FileLocks) + `,`,
 		`EmptyNamespaces:` + fmt.Sprintf("%v", this.EmptyNamespaces) + `,`,
 		`CgroupsMode:` + fmt.Sprintf("%v", this.CgroupsMode) + `,`,
 		`NoNewKeyring:` + fmt.Sprintf("%v", this.NoNewKeyring) + `,`,
 		`ShimCgroup:` + fmt.Sprintf("%v", this.ShimCgroup) + `,`,
 		`IoUid:` + fmt.Sprintf("%v", this.IoUid) + `,`,
@ -571,144 +493,6 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 			}
 			m.NoPivotRoot = bool(v != 0)
 		case 2:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field OpenTcp", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOci
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.OpenTcp = bool(v != 0)
 		case 3:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ExternalUnixSockets", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOci
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.ExternalUnixSockets = bool(v != 0)
 		case 4:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Terminal", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOci
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.Terminal = bool(v != 0)
 		case 5:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field FileLocks", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOci
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.FileLocks = bool(v != 0)
 		case 6:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field EmptyNamespaces", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOci
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			intStringLen := int(stringLen)
 			if intStringLen < 0 {
 				return ErrInvalidLengthOci
 			}
 			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.EmptyNamespaces = append(m.EmptyNamespaces, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		case 7:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field CgroupsMode", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowOci
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				stringLen |= (uint64(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			intStringLen := int(stringLen)
 			if intStringLen < 0 {
 				return ErrInvalidLengthOci
 			}
 			postIndex := iNdEx + intStringLen
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.CgroupsMode = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 8:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field NoNewKeyring", wireType)
 			}
@ -728,7 +512,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 				}
 			}
 			m.NoNewKeyring = bool(v != 0)
-		case 9:
+		case 3:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ShimCgroup", wireType)
 			}
@ -757,7 +541,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 			}
 			m.ShimCgroup = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 10:
+		case 4:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field IoUid", wireType)
 			}
@ -776,7 +560,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
-		case 11:
+		case 5:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field IoGid", wireType)
 			}
@ -795,7 +579,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
-		case 12:
+		case 6:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field BinaryName", wireType)
 			}
@ -824,7 +608,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 			}
 			m.BinaryName = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 13:
+		case 7:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Root", wireType)
 			}
@ -853,7 +637,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 			}
 			m.Root = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 14:
+		case 8:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field CriuPath", wireType)
 			}
@ -882,7 +666,7 @@ func (m *Options) Unmarshal(dAtA []byte) error {
 			}
 			m.CriuPath = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 15:
+		case 9:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field SystemdCgroup", wireType)
 			}
@ -1320,39 +1104,39 @@ func init() {
 }
 var fileDescriptorOci = []byte{
-	// 534 bytes of a gzipped FileDescriptorProto
+	// 529 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x93, 0xcf, 0x6e, 0x13, 0x31,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x92, 0xcd, 0x6e, 0xd3, 0x4c,
-	0x10, 0xc6, 0xbb, 0xb4, 0xcd, 0x1f, 0xa7, 0x49, 0xc1, 0x50, 0xc9, 0x14, 0x91, 0x86, 0x00, 0x52,
+	0x14, 0x86, 0xeb, 0xfe, 0x38, 0xf6, 0xf4, 0xe7, 0xfb, 0x18, 0xa8, 0x64, 0x8a, 0x70, 0x43, 0x00,
-	0xb8, 0x24, 0xa2, 0x88, 0x13, 0x17, 0xd4, 0x16, 0xa1, 0x0a, 0x28, 0xd5, 0x42, 0x25, 0xd4, 0x8b,
+	0x29, 0x6c, 0x12, 0x51, 0xc4, 0x8a, 0x0d, 0x6a, 0x8b, 0x50, 0x05, 0x94, 0xca, 0x50, 0x09, 0x75,
-	0xb5, 0xf5, 0x0e, 0x9b, 0x51, 0xb2, 0x9e, 0xd5, 0xda, 0xdb, 0x6e, 0x6e, 0x3c, 0x5e, 0x8f, 0x1c,
+	0x33, 0x72, 0xc6, 0x07, 0xe7, 0x28, 0xf1, 0x1c, 0xcb, 0x33, 0x4e, 0x9d, 0x1d, 0xf7, 0xc1, 0x0d,
-	0x39, 0x21, 0x9a, 0x57, 0xe0, 0x01, 0x40, 0xf6, 0x26, 0x85, 0x33, 0x47, 0x4e, 0xfb, 0xf9, 0xf7,
+	0x75, 0xc9, 0x92, 0x15, 0xa2, 0xb9, 0x11, 0x90, 0xc7, 0x4e, 0x61, 0xcd, 0xca, 0xef, 0x3c, 0xef,
-	0x7d, 0x9e, 0x1d, 0x7b, 0x64, 0xb6, 0x97, 0xa0, 0x1d, 0x17, 0x67, 0x43, 0x45, 0xe9, 0x48, 0x91,
+	0xf1, 0x68, 0xe6, 0xd1, 0xb0, 0xc3, 0x14, 0xcd, 0xb8, 0x1c, 0x0d, 0x24, 0x65, 0x43, 0x49, 0xca,
-	0xb6, 0x11, 0x6a, 0xc8, 0xe3, 0xbf, 0x65, 0x5e, 0x68, 0x8b, 0x29, 0x8c, 0xce, 0x77, 0x9d, 0x54,
+	0xc4, 0xa8, 0xa0, 0x48, 0xfe, 0x8e, 0x45, 0xa9, 0x0c, 0x66, 0x30, 0x9c, 0x1d, 0xd4, 0x51, 0x0e,
-	0x23, 0xca, 0x2c, 0x92, 0x36, 0x23, 0x52, 0x38, 0xcc, 0x72, 0xb2, 0xc4, 0xf9, 0x9f, 0xf4, 0xd0,
+	0x29, 0x37, 0x48, 0x4a, 0x0f, 0x49, 0xe2, 0x20, 0x2f, 0xc8, 0x10, 0xe7, 0x7f, 0xa6, 0x07, 0xf5,
-	0x45, 0x86, 0xe7, 0x4f, 0xb7, 0xef, 0x24, 0x94, 0x90, 0xb7, 0x47, 0x4e, 0x55, 0xc9, 0xfe, 0xcf,
+	0xc8, 0x60, 0xf6, 0x74, 0xef, 0x4e, 0x4a, 0x29, 0xd9, 0x7a, 0x58, 0xa7, 0x66, 0xb2, 0xf7, 0x75,
-	0x55, 0x56, 0x7f, 0x5f, 0xed, 0xe7, 0x7d, 0xd6, 0xd6, 0x24, 0x33, 0x3c, 0x27, 0x2b, 0x73, 0x22,
+	0x95, 0x75, 0xde, 0x37, 0xff, 0xf3, 0x1e, 0xdb, 0x56, 0x24, 0x72, 0x9c, 0x91, 0x11, 0x05, 0x91,
-	0x2b, 0x82, 0x5e, 0x30, 0x68, 0x84, 0x2d, 0x4d, 0xc7, 0x8e, 0x85, 0x44, 0x96, 0xdf, 0x65, 0x0d,
+	0x09, 0x9c, 0xae, 0xd3, 0xf7, 0xa2, 0x4d, 0x45, 0x67, 0x35, 0x8b, 0x88, 0x0c, 0x7f, 0xc4, 0x76,
-	0xca, 0x40, 0x4b, 0xab, 0x32, 0x71, 0xc3, 0xdb, 0x75, 0xb7, 0xfe, 0xa8, 0x32, 0xbe, 0xcb, 0xb6,
+	0x14, 0x09, 0x05, 0x97, 0x62, 0x02, 0xf3, 0x02, 0x55, 0x1a, 0xac, 0xda, 0xa1, 0x2d, 0x45, 0xa7,
-	0xa0, 0xb4, 0x90, 0xeb, 0x68, 0x2a, 0x0b, 0x8d, 0xa5, 0x34, 0xa4, 0x26, 0x60, 0x8d, 0x58, 0xf5,
+	0x70, 0xf9, 0xa6, 0x61, 0x7c, 0x9f, 0x6d, 0xea, 0x31, 0x66, 0x42, 0xa6, 0x05, 0x95, 0x79, 0xb0,
-	0xb9, 0xdb, 0x4b, 0xf3, 0x44, 0x63, 0xf9, 0xa1, 0xb2, 0xf8, 0x36, 0x6b, 0x58, 0xc8, 0x53, 0xd4,
+	0xd6, 0x75, 0xfa, 0x7e, 0xc4, 0x6a, 0x74, 0x64, 0x09, 0xdf, 0x65, 0x2e, 0x92, 0x28, 0x31, 0x09,
-	0xd1, 0x54, 0xac, 0xf9, 0xd8, 0xf5, 0x9a, 0xdf, 0x67, 0xec, 0x33, 0x4e, 0x41, 0x4e, 0x49, 0x4d,
+	0xd6, 0xbb, 0x4e, 0x7f, 0x3b, 0xda, 0x40, 0x3a, 0xc7, 0xa4, 0xc5, 0x29, 0x26, 0xc1, 0xc6, 0x12,
-	0x8c, 0x58, 0xf7, 0x6e, 0xd3, 0x91, 0xb7, 0x0e, 0xf0, 0x27, 0xec, 0x26, 0xa4, 0x99, 0x9d, 0x49,
+	0xbf, 0xc6, 0xa4, 0xde, 0x6e, 0x84, 0x2a, 0x2e, 0xe6, 0x42, 0xc5, 0x19, 0x04, 0x6e, 0xb3, 0x5d,
-	0x1d, 0xa5, 0x60, 0xb2, 0x48, 0x81, 0x11, 0xb5, 0xde, 0xea, 0xa0, 0x19, 0x6e, 0x7a, 0x7e, 0x74,
+	0x83, 0x4e, 0xe3, 0x0c, 0x38, 0x67, 0xeb, 0xf6, 0xc0, 0x1d, 0xdb, 0xd8, 0xcc, 0xef, 0x31, 0x5f,
-	0x8d, 0xf9, 0x03, 0xb6, 0xa1, 0x92, 0x9c, 0x8a, 0xcc, 0xc8, 0x94, 0x62, 0x10, 0xf5, 0x5e, 0x30,
+	0x16, 0x58, 0x8a, 0x3c, 0x36, 0xe3, 0xc0, 0xb3, 0x85, 0x57, 0x83, 0xb3, 0xd8, 0x8c, 0xf9, 0x63,
-	0x68, 0x86, 0xad, 0x05, 0x7b, 0x47, 0x31, 0xf0, 0x47, 0xac, 0xa3, 0x49, 0x6a, 0xb8, 0x90, 0x13,
+	0xb6, 0xa3, 0xe7, 0xda, 0x40, 0x96, 0x2c, 0xcf, 0xe8, 0xdb, 0x6b, 0x6c, 0xb7, 0xb4, 0x39, 0x66,
-	0x98, 0xe5, 0xa8, 0x13, 0xd1, 0xf0, 0x3f, 0xdc, 0xd0, 0x74, 0x04, 0x17, 0x6f, 0x2a, 0xc6, 0x77,
+	0xef, 0x97, 0xc3, 0x6e, 0x1d, 0x8d, 0x41, 0x4e, 0x72, 0x42, 0x65, 0x96, 0x9e, 0x38, 0x5b, 0x87,
-	0x58, 0xcb, 0x8c, 0x31, 0x95, 0xd5, 0x4e, 0xd1, 0xf4, 0x75, 0x98, 0x43, 0xfb, 0x9e, 0xf0, 0x2d,
+	0x0a, 0x97, 0x7a, 0x6c, 0xe6, 0x77, 0x99, 0x47, 0x39, 0x28, 0x61, 0x64, 0xde, 0x1a, 0xe9, 0xd4,
-	0x56, 0x43, 0x92, 0x05, 0xc6, 0x82, 0xf5, 0x82, 0x41, 0x3b, 0x5c, 0x47, 0x3a, 0xc1, 0x78, 0x81,
+	0xeb, 0x8f, 0x32, 0xe7, 0x07, 0x6c, 0x17, 0x2a, 0x03, 0x85, 0x8a, 0xa7, 0xa2, 0x54, 0x58, 0x09,
-	0x13, 0x8c, 0x45, 0x6b, 0x89, 0x5f, 0x63, 0xec, 0xca, 0x9d, 0xa1, 0x8e, 0xf2, 0xea, 0x0c, 0x62,
+	0x4d, 0x72, 0x02, 0x46, 0x5b, 0x2d, 0x5e, 0x74, 0x7b, 0x59, 0x9e, 0x2b, 0xac, 0x3e, 0x34, 0x15,
-	0xa3, 0x2a, 0x57, 0x21, 0xd7, 0x3e, 0xe7, 0x6c, 0xcd, 0x0f, 0xa2, 0xed, 0x1d, 0xaf, 0xf9, 0x3d,
+	0xdf, 0x63, 0x9e, 0x81, 0x22, 0x43, 0x15, 0x4f, 0xad, 0x21, 0x2f, 0xba, 0x59, 0xf3, 0xfb, 0x8c,
-	0xd6, 0x54, 0x39, 0x16, 0x32, 0x8b, 0xec, 0x58, 0x74, 0xbc, 0xd1, 0x70, 0xe0, 0x38, 0xb2, 0x63,
+	0x7d, 0xc6, 0x29, 0x88, 0x29, 0xc9, 0x89, 0xb6, 0xa2, 0xbc, 0xc8, 0xaf, 0xc9, 0xdb, 0x1a, 0xf0,
-	0xfe, 0x98, 0x75, 0xcc, 0xcc, 0x58, 0x48, 0xe3, 0x65, 0x8f, 0x9b, 0xfe, 0x18, 0xed, 0x05, 0xad,
+	0x27, 0xec, 0x7f, 0xc8, 0x72, 0xd3, 0xb8, 0xd2, 0x79, 0x2c, 0x41, 0x07, 0x6e, 0x77, 0xad, 0xef,
-	0xda, 0xec, 0xff, 0x0a, 0xd8, 0xad, 0xfd, 0x31, 0xa8, 0x49, 0x46, 0xa8, 0xed, 0x72, 0xfe, 0x9c,
+	0x47, 0xff, 0x59, 0x7e, 0x7a, 0x83, 0xf9, 0x03, 0xb6, 0xd5, 0xdc, 0x5e, 0x8b, 0x8c, 0x12, 0x68,
-	0xad, 0x41, 0x89, 0xcb, 0xb1, 0x7b, 0xfd, 0xbf, 0xce, 0xbb, 0xff, 0x9c, 0x75, 0x8e, 0x73, 0x52,
+	0xf5, 0x6d, 0xb6, 0xec, 0x1d, 0x25, 0xd0, 0x7b, 0xce, 0x76, 0xce, 0x0a, 0x92, 0xa0, 0xf5, 0x31,
-	0x60, 0xcc, 0x01, 0xd8, 0x08, 0xa7, 0x86, 0x3f, 0x64, 0x75, 0x28, 0x41, 0x49, 0x8c, 0xfd, 0x05,
+	0x98, 0x18, 0xa7, 0x9a, 0x3f, 0x64, 0x1d, 0xa8, 0x40, 0x0a, 0x4c, 0xac, 0x00, 0xff, 0x90, 0x2d,
-	0x34, 0xf7, 0xd8, 0xfc, 0xfb, 0x4e, 0xed, 0x55, 0x09, 0xea, 0xf0, 0x20, 0xac, 0x39, 0xeb, 0x30,
+	0x7e, 0xec, 0xbb, 0xaf, 0x2a, 0x90, 0x27, 0xc7, 0x91, 0x5b, 0x57, 0x27, 0xc9, 0xe1, 0xc5, 0xd5,
-	0xde, 0x3b, 0xbd, 0xbc, 0xea, 0xae, 0x7c, 0xbb, 0xea, 0xae, 0x7c, 0x99, 0x77, 0x83, 0xcb, 0x79,
+	0x75, 0xb8, 0xf2, 0xfd, 0x3a, 0x5c, 0xf9, 0xb2, 0x08, 0x9d, 0xab, 0x45, 0xe8, 0x7c, 0x5b, 0x84,
-	0x37, 0xf8, 0x3a, 0xef, 0x06, 0x3f, 0xe6, 0xdd, 0xe0, 0xf4, 0xe5, 0xbf, 0x3e, 0xdb, 0x17, 0x8b,
+	0xce, 0xcf, 0x45, 0xe8, 0x5c, 0xbc, 0xfc, 0xd7, 0xe7, 0xfd, 0xa2, 0xfd, 0x7e, 0x5a, 0x19, 0xb9,
-	0xef, 0xa7, 0x95, 0xb3, 0x9a, 0x7f, 0x93, 0xcf, 0x7e, 0x07, 0x00, 0x00, 0xff, 0xff, 0x04, 0x15,
+	0xf6, 0xed, 0x3e, 0xfb, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x78, 0xf4, 0x16, 0x4e, 0x2b, 0x03, 0x00,
-	0x35, 0xdc, 0x03, 0x04, 0x00, 0x00,
+	0x00,
 }
--- a/runtime/v2/runc/options/oci.proto
+++ b/runtime/v2/runc/options/oci.proto
@ -7,33 +7,44 @@ import weak "gogoproto/gogo.proto";
 option go_package = "github.com/containerd/containerd/runtime/v2/runc/options;options";
 message Options {
 	// disable pivot root when creating a container
 	bool no_pivot_root = 1;
-	bool open_tcp = 2;
+	// create a new keyring for the container
-	bool external_unix_sockets = 3;
+	bool no_new_keyring = 2;
-	bool terminal = 4;
+	// place the shim in a cgroup
-	bool file_locks = 5;
+	string shim_cgroup = 3;
-	repeated string empty_namespaces = 6;
+	// set the I/O's pipes uid
-	string cgroups_mode = 7;
+	uint32 io_uid = 4;
-	bool no_new_keyring = 8;
+	// set the I/O's pipes gid
-	string shim_cgroup = 9;
+	uint32 io_gid = 5;
-	uint32 io_uid = 10;
+	// binary name of the runc binary
-	uint32 io_gid = 11;
+	string binary_name = 6;
-	string binary_name = 12;
+	// runc root directory
-	string root = 13;
+	string root = 7;
-	string criu_path = 14;
+	// criu binary path
-	bool systemd_cgroup = 15;
+	string criu_path = 8;
 	// enable systemd cgroups
 	bool systemd_cgroup = 9;
 }
 message CheckpointOptions {
 	// exit the container after a checkpoint
 	bool exit = 1;
 	// checkpoint open tcp connections
 	bool open_tcp = 2;
 	// checkpoint external unix sockets
 	bool external_unix_sockets = 3;
 	// checkpoint terminals (ptys)
 	bool terminal = 4;
 	// allow checkpointing of file locks
 	bool file_locks = 5;
 	// restore provided namespaces as empty namespaces
 	repeated string empty_namespaces = 6;
 	// set the cgroups mode, soft, full, strict
 	string cgroups_mode = 7;
 }
 message ProcessDetails {
 	// exec process id if the process is managed by a shim
 	string exec_id = 1;
 }