Update github.com/opecontainers/specs to 5b31bb2b77

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Make runc changes required to pull in the updated spec

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Godeps/Godeps.json

@@ -48,7 +48,7 @@
 		},
 		{
 			"ImportPath": "github.com/opencontainers/specs",
-			"Rev": "08873003592da169f89ec7c671ed34e1a2333ef8"
+			"Rev": "5b31bb2b7771e5074a4eb14eca432da1ca5182d6"
 		},
 		{
 			"ImportPath": "github.com/syndtr/gocapability/capability",

Godeps/_workspace/src/github.com/opencontainers/specs/LICENSE

@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2015 The Linux Foundation.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Godeps/_workspace/src/github.com/opencontainers/specs/README.md

@@ -1,6 +1,6 @@
 # Open Container Specifications
 
-This project is where the Open Container Project Specifications are written. This is a work in progress. We should have a first draft by end of July 2015.
+This project is where the [Open Container Initiative](http://www.opencontainers.org/) Specifications are written. This is a work in progress. We should have a first draft by end of July 2015.
 
 Table of Contents
 
@@ -9,6 +9,14 @@ Table of Contents
   - [Linux Specific Configuration](config-linux.md)
 - [Runtime and Lifecycle](runtime.md)
 
+## Use Cases
+
+To provide context for users the following section gives example use cases for each part of the spec.
+
+### Filesystem Bundle & Configuration
+
+- A user can create a root filesystem and configuration, with low-level OS and host specific details, and launch it as a container under an Open Container runtime.
+
 # The 5 principles of Standard Containers
 
 Define a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.
@@ -43,3 +51,79 @@ There are 17 million shipping containers in existence, packed with every physica
 
 With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
 
+# Contributing
+
+Development happens on github for the spec.  Issues are used for bugs and actionable items and longer
+discussions can happen on the mailing list.  You can subscribe and join the mailing list on
+[google groups](https://groups.google.com/a/opencontainers.org/forum/#!forum/dev).
+
+The specification and code is licensed under the Apache 2.0 license found in 
+the `LICENSE` file of this repository.  
+
+## Weekly Call
+
+The contributors and maintainers of the project have a weekly meeting Wednesdays at 10:00 AM PST.
+Everyone is welcome to participate in the call.  The link to the call will be posted on the mailing
+list each week along with set topics for discussion.
+Minutes for the call will be posted to the mailing list for those who are unable to join the call.
+
+## Markdown style
+
+To keep consistency throughout the Markdown files in the Open Container spec all files should be formatted one sentence per line.
+This fixes two things: it makes diffing easier with git and it resolves fights about line wrapping length.
+For example, this paragraph will span three lines in the Markdown source.
+
+### Sign your work
+
+The sign-off is a simple line at the end of the explanation for the
+patch, which certifies that you wrote it or otherwise have the right to
+pass it on as an open-source patch.  The rules are pretty simple: if you
+can certify the below (from
+[developercertificate.org](http://developercertificate.org/)):
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+then you just add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <joe@gmail.com>
+
+using your real name (sorry, no pseudonyms or anonymous contributions.)
+
+You can add the sign off when creating the git commit via `git commit -s`.

Godeps/_workspace/src/github.com/opencontainers/specs/bundle.md

@@ -21,7 +21,7 @@ One or more *content directories* may be adjacent to the configuration file. Thi
 ```
 /
 !
--- config.json
+--- config.json
 !
 --- rootfs
 !

Godeps/_workspace/src/github.com/opencontainers/specs/config-linux.md

@@ -97,7 +97,7 @@ in [the man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)
 sysctl allows kernel parameters to be modified at runtime for the container.
 For more information, see [the man page](http://man7.org/linux/man-pages/man8/sysctl.8.html)
 
-```
+```json
    "sysctl": {
         "net.ipv4.ip_forward": "1",
         "net.core.somaxconn": "256"
@@ -106,7 +106,7 @@ For more information, see [the man page](http://man7.org/linux/man-pages/man8/sy
 
 ## Linux rlimits
 
-```
+```json
    "rlimits": [
         {
             "type": "RLIMIT_NPROC",
@@ -120,7 +120,7 @@ rlimits allow setting resource limits. The type is from the values defined in [t
 
 ## Linux user namespace mappings
 
-```
+```json
     "uidMappings": [
         {
             "hostID": 1000,
@@ -137,7 +137,14 @@ rlimits allow setting resource limits. The type is from the values defined in [t
     ]
 ```
 
-uid/gid mappings describe the user namespace mappings from the host to the container. *from* is the starting uid/gid on the host to be mapped to *to* which is the starting uid/gid in the container and *count* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
+uid/gid mappings describe the user namespace mappings from the host to the container. *hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
+
+## Rootfs Mount Propagation
+rootfsPropagation sets the rootfs's mount propagation. Its value is either slave, private, or shared. [The kernel doc](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) has more information about mount propagation.
+
+```json
+    "rootfsPropagation": "slave",
+```
 
 ## Security
 

Godeps/_workspace/src/github.com/opencontainers/specs/config.md

@@ -80,8 +80,8 @@ Additional filesystems can be declared as "mounts", specified in the *mounts* ar
 "mounts": [
     {
         "type": "ntfs",
-        "source": "\\?\Volume\{2eca078d-5cbc-43d3-aff8-7e8511f60d0e}\",
+        "source": "\\\\?\\Volume\\{2eca078d-5cbc-43d3-aff8-7e8511f60d0e}\\",
-        "destination": "C:\Users\crosbymichael\My Fancy Mount Point\",
+        "destination": "C:\\Users\\crosbymichael\\My Fancy Mount Point\\",
         "options": ""
     }
 ]

Godeps/_workspace/src/github.com/opencontainers/specs/runtime.md

@@ -12,6 +12,48 @@ Runs a process in a container. Can be invoked several times.
 
 ### Stop (process)
 
-Not sure we need that from oc cli. Process is killed from the outside.
+Not sure we need that from runc cli. Process is killed from the outside.
 
-This event needs to be captured by oc to run onstop event handlers.
+This event needs to be captured by runc to run onstop event handlers.
+
+## Hooks
+Hooks allow one to run code before/after various lifecycle events of the container.
+The state of the container is passed to the hooks over stdin, so the hooks could get the information they need to do their work.
+
+Hook paths are absolute and are executed from the host's filesystem.
+
+### Pre-start
+The pre-start hooks are called after the container process is spawned, but before the user supplied command is executed.
+They are called after the container namespaces are created on Linux, so they provide an opportunity to customize the container.
+In Linux, for e.g., the network namespace could be configured in this hook.
+
+If a hook returns a non-zero exit code, then an error including the exit code and the stderr is returned to the caller and the container is torn down.
+
+### Post-stop
+The post-stop hooks are called after the container process is stopped. Cleanup or debugging could be performed in such a hook.
+If a hook returns a non-zero exit code, then an error is logged and the remaining hooks are executed.
+
+*Example*
+
+```json
+    "hooks" : {
+        "prestart": [
+            {
+                "path": "/usr/bin/fix-mounts",
+                "args": ["arg1", "arg2"],
+                "env":  [ "key1=value1"]
+            },
+            {
+                "path": "/usr/bin/setup-network"
+            }
+        ],
+        "poststop": [
+            {
+                "path": "/usr/sbin/cleanup.sh",
+                "args": ["-f"]
+            }
+        ]
+    }
+```
+
+`path` is required for a hook. `args` and `env` are optional.

Godeps/_workspace/src/github.com/opencontainers/specs/spec.go

@@ -11,10 +11,20 @@ type Spec struct {
 	Process Process `json:"process"`
 	// Root is the root information for the container's filesystem.
 	Root Root `json:"root"`
-	// Hostname is the containers host name.
+	// Hostname is the container's host name.
 	Hostname string `json:"hostname"`
 	// Mounts profile configuration for adding mounts to the container's filesystem.
 	Mounts []Mount `json:"mounts"`
+	// Hooks are the commands run at various lifecycle events of the container.
+	Hooks Hooks `json:"hooks"`
+}
+
+type Hooks struct {
+	// Prestart is a list of hooks to be run before the container process is executed.
+	// On Linux, they are run after the container namespaces are created.
+	Prestart []Hook `json:"prestart"`
+	// Poststop is a list of hooks to be run after the container process exits.
+	Poststop []Hook `json:"poststop"`
 }
 
 // Mount specifies a mount for a container.
@@ -61,3 +71,10 @@ type Platform struct {
 	// Arch is the architecture
 	Arch string `json:"arch"`
 }
+
+// Hook specifies a command that is run at a particular event in the lifecycle of a container.
+type Hook struct {
+	Path string   `json:"path"`
+	Args []string `json:"args"`
+	Env  []string `json:"env"`
+}

Godeps/_workspace/src/github.com/opencontainers/specs/spec_linux.go

@@ -2,101 +2,107 @@
 
 package specs
 
-// LinuxSpec is the full specification for linux containers.
+// LinuxSpec is the full specification for Linux containers
 type LinuxSpec struct {
 	Spec
-	// Linux is platform specific configuration for linux based containers.
+	// Linux is platform specific configuration for Linux based containers
 	Linux Linux `json:"linux"`
 }
 
-// Linux contains platform specific configuration for linux based containers.
+// Linux contains platform specific configuration for Linux based containers
 type Linux struct {
-	// UidMapping specifies user mappings for supporting user namespaces on linux.
+	// UIDMapping specifies user mappings for supporting user namespaces on Linux
-	UidMappings []IDMapping `json:"uidMappings"`
+	UIDMappings []IDMapping `json:"uidMappings"`
-	// UidMapping specifies group mappings for supporting user namespaces on linux.
+	// GIDMapping specifies group mappings for supporting user namespaces on Linux
-	GidMappings []IDMapping `json:"gidMappings"`
+	GIDMappings []IDMapping `json:"gidMappings"`
-	// Rlimits specifies rlimit options to apply to the container's process.
+	// Rlimits specifies rlimit options to apply to the container's process
 	Rlimits []Rlimit `json:"rlimits"`
-	// Sysctl are a set of key value pairs that are set for the container on start.
+	// Sysctl are a set of key value pairs that are set for the container on start
 	Sysctl map[string]string `json:"sysctl"`
 	// Resources contain cgroup information for handling resource constraints
-	// for the container.
+	// for the container
 	Resources Resources `json:"resources"`
-	// Namespaces contains the namespaces that are created and/or joined by the container.
+	// Namespaces contains the namespaces that are created and/or joined by the container
 	Namespaces []Namespace `json:"namespaces"`
-	// Capabilities are linux capabilities that are kept for the container.
+	// Capabilities are Linux capabilities that are kept for the container
 	Capabilities []string `json:"capabilities"`
-	// Devices are a list of device nodes that are created and enabled for the container.
+	// Devices are a list of device nodes that are created and enabled for the container
 	Devices []string `json:"devices"`
+	// RootfsPropagation is the rootfs mount propagation mode for the container
+	RootfsPropagation string `json:"rootfsPropagation"`
 }
 
-// User specifies linux specific user and group information for the container's
+// User specifies Linux specific user and group information for the container's
-// main process.
+// main process
 type User struct {
-	// Uid is the user id.
+	// Uid is the user id
-	Uid int32 `json:"uid"`
+	UID int32 `json:"uid"`
-	// Gid is the group id.
+	// Gid is the group id
-	Gid int32 `json:"gid"`
+	GID int32 `json:"gid"`
-	// AdditionalGids are additional group ids set the the container's process.
+	// AdditionalGids are additional group ids set for the container's process
 	AdditionalGids []int32 `json:"additionalGids"`
 }
 
-// Namespace is the configuration for a linux namespace.
+// Namespace is the configuration for a Linux namespace
 type Namespace struct {
-	// Type is the type of linux namespace.
+	// Type is the type of Linux namespace
 	Type string `json:"type"`
 	// Path is a path to an existing namespace persisted on disk that can be joined
-	// and is of the same type.
+	// and is of the same type
 	Path string `json:"path"`
 }
 
-// IDMapping specifies uid/gid mappings.
+// IDMapping specifies UID/GID mappings
 type IDMapping struct {
-	// HostID is the uid/gid of the host user or group.
+	// HostID is the UID/GID of the host user or group
 	HostID int32 `json:"hostID"`
-	// ContainerID is the uid/gid of the container's user or group.
+	// ContainerID is the UID/GID of the container's user or group
 	ContainerID int32 `json:"containerID"`
-	// Size is the length of the range of IDs mapped between the two namespaces.
+	// Size is the length of the range of IDs mapped between the two namespaces
 	Size int32 `json:"size"`
 }
 
-// Rlimit type and restrictions.
+// Rlimit type and restrictions
 type Rlimit struct {
-	// Type of the rlimit to set.
+	// Type of the rlimit to set
 	Type int `json:"type"`
-	// Hard is the hard limit for the specified type.
+	// Hard is the hard limit for the specified type
 	Hard uint64 `json:"hard"`
-	// Soft is the soft limit for the specified type.
+	// Soft is the soft limit for the specified type
 	Soft uint64 `json:"soft"`
 }
 
+// HugepageLimit structure corresponds to limiting kernel hugepages
 type HugepageLimit struct {
 	Pagesize string `json:"pageSize"`
 	Limit    int    `json:"limit"`
 }
 
+// InterfacePriority for network interfaces
 type InterfacePriority struct {
-	// Name is the name of the network interface.
+	// Name is the name of the network interface
 	Name string `json:"name"`
-	// Priority for the interface.
+	// Priority for the interface
 	Priority int64 `json:"priority"`
 }
 
+// BlockIO for Linux cgroup 'blockio' resource management
 type BlockIO struct {
-	// Specifies per cgroup weight, range is from 10 to 1000.
+	// Specifies per cgroup weight, range is from 10 to 1000
 	Weight int64 `json:"blkioWeight"`
-	// Weight per cgroup per device, can override BlkioWeight.
+	// Weight per cgroup per device, can override BlkioWeight
 	WeightDevice string `json:"blkioWeightDevice"`
-	// IO read rate limit per cgroup per device, bytes per second.
+	// IO read rate limit per cgroup per device, bytes per second
 	ThrottleReadBpsDevice string `json:"blkioThrottleReadBpsDevice"`
-	// IO write rate limit per cgroup per divice, bytes per second.
+	// IO write rate limit per cgroup per divice, bytes per second
 	ThrottleWriteBpsDevice string `json:"blkioThrottleWriteBpsDevice"`
-	// IO read rate limit per cgroup per device, IO per second.
+	// IO read rate limit per cgroup per device, IO per second
 	ThrottleReadIOpsDevice string `json:"blkioThrottleReadIopsDevice"`
-	// IO write rate limit per cgroup per device, IO per second.
+	// IO write rate limit per cgroup per device, IO per second
 	ThrottleWriteIOpsDevice string `json:"blkioThrottleWriteIopsDevice"`
 }
 
+// Memory for Linux cgroup 'memory' resource management
 type Memory struct {
 	// Memory limit (in bytes)
 	Limit int64 `json:"limit"`
@@ -106,45 +112,48 @@ type Memory struct {
 	Swap int64 `json:"swap"`
 	// Kernel memory limit (in bytes)
 	Kernel int64 `json:"kernel"`
-	// How aggressive the kernel will swap memory pages. Range from 0 to 100. Set -1 to use system default.
+	// How aggressive the kernel will swap memory pages. Range from 0 to 100. Set -1 to use system default
 	Swappiness int64 `json:"swappiness"`
 }
 
+// CPU for Linux cgroup 'cpu' resource management
 type CPU struct {
-	// CPU shares (relative weight vs. other cgroups with cpu shares).
+	// CPU shares (relative weight vs. other cgroups with cpu shares)
 	Shares int64 `json:"shares"`
-	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
+	// CPU hardcap limit (in usecs). Allowed cpu time in a given period
 	Quota int64 `json:"quota"`
-	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
+	// CPU period to be used for hardcapping (in usecs). 0 to use system default
 	Period int64 `json:"period"`
-	// How many time CPU will use in realtime scheduling (in usecs).
+	// How many time CPU will use in realtime scheduling (in usecs)
 	RealtimeRuntime int64 `json:"realtimeRuntime"`
-	// CPU period to be used for realtime scheduling (in usecs).
+	// CPU period to be used for realtime scheduling (in usecs)
 	RealtimePeriod int64 `json:"realtimePeriod"`
-	// CPU to use within the cpuset.
+	// CPU to use within the cpuset
 	Cpus string `json:"cpus"`
-	// MEM to use within the cpuset.
+	// MEM to use within the cpuset
 	Mems string `json:"mems"`
 }
 
+// Network identification and priority configuration
 type Network struct {
-	// Set class identifier for container's network packets.
+	// Set class identifier for container's network packets
 	ClassID string `json:"classId"`
-	// Set priority of network traffic for container.
+	// Set priority of network traffic for container
 	Priorities []InterfacePriority `json:"priorities"`
 }
 
+// Resources has container runtime resource constraints
 type Resources struct {
-	// DisableOOMKiller disables the OOM killer for out of memory conditions.
+	// DisableOOMKiller disables the OOM killer for out of memory conditions
 	DisableOOMKiller bool `json:"disableOOMKiller"`
-	// Memory restriction configuration.
+	// Memory restriction configuration
 	Memory Memory `json:"memory"`
-	// CPU resource restriction configuration.
+	// CPU resource restriction configuration
 	CPU CPU `json:"cpu"`
-	// BlockIO restriction configuration.
+	// BlockIO restriction configuration
 	BlockIO BlockIO `json:"blockIO"`
 	// Hugetlb limit (in bytes)
 	HugepageLimits []HugepageLimit `json:"hugepageLimits"`
-	// Network restriction configuration.
+	// Network restriction configuration
 	Network Network `json:"network"`
 }

spec.go

@@ -316,7 +316,7 @@ func setReadonly(config *configs.Config) {
 }
 
 func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
-	if len(spec.Linux.UidMappings) == 0 {
+	if len(spec.Linux.UIDMappings) == 0 {
 		return nil
 	}
 	config.Namespaces.Add(configs.NEWUSER, "")
@@ -327,10 +327,10 @@ func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
 			Size:        int(m.Size),
 		}
 	}
-	for _, m := range spec.Linux.UidMappings {
+	for _, m := range spec.Linux.UIDMappings {
 		config.UidMappings = append(config.UidMappings, create(m))
 	}
-	for _, m := range spec.Linux.GidMappings {
+	for _, m := range spec.Linux.GIDMappings {
 		config.GidMappings = append(config.GidMappings, create(m))
 	}
 	rootUid, err := config.HostUID()

utils.go

@@ -168,7 +168,7 @@ func newProcess(p specs.Process) *libcontainer.Process {
 		Args: p.Args,
 		Env:  p.Env,
 		// TODO: fix libcontainer's API to better support uid/gid in a typesafe way.
-		User:   fmt.Sprintf("%d:%d", p.User.Uid, p.User.Gid),
+		User:   fmt.Sprintf("%d:%d", p.User.UID, p.User.GID),
 		Cwd:    p.Cwd,
 		Stdin:  os.Stdin,
 		Stdout: os.Stdout,