From 6c5374ffbedda87435c3cf2e301a202cc2c5f2b1 Mon Sep 17 00:00:00 2001
From: Bart Wensley <bwensley@redhat.com>
Date: Fri, 17 May 2024 12:50:08 -0400
Subject: [PATCH] config: add annotation for exec isolated CPU affinity

The runc container runtime recently introduced functionality to direct exec
operations to the first isolated CPU in a container cgroup cpuset. This is
enabled through a new runc specific container annotation:
org.opencontainers.runc.exec.isolated-cpu-affinity-transition

See https://github.com/opencontainers/runc/commit/afc23e3397 for the details.

This new functionality is also required in the crun container runtime and will
be added soon. This purpose of this commit is to add a new annotation to the
OCI runtime specification that would be used by any runtime that implements
this new functionality:
org.opencontainers.runtime.exec.isolated-cpu-affinity-transition

The runc implementation should switch to using the new annotation once it is
accepted.

Signed-off-by: Bart Wensley <bwensley@redhat.com>
---
 config.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config.md b/config.md
index a1b39adf4..a0b01a721 100644
--- a/config.md
+++ b/config.md
@@ -712,6 +712,7 @@ The following keys in the `org.opencontainers` namespaces MAY be used:
 | `org.opencontainers.image.author`       | Indicates the author of the container image. The annotation value MUST have a valid value for the `author` property as defined in [the OCI image specification][oci-image-config-properties]. This annotation SHOULD only be used in accordance with the [OCI image specification's runtime conversion specification][oci-image-conversion]. |
 | `org.opencontainers.image.created`      | Indicates the date and time when the container image was created. The annotation value MUST have a valid value for the `created` property as defined in [the OCIimage specification][oci-image-config-properties]. This annotation SHOULD only be used in accordance with the [OCI image specification's runtime conversion specification][oci-image-conversion]. |
 | `org.opencontainers.image.stopSignal`   | Indicates signal that SHOULD be sent by the container runtimes to [kill the container](runtime.md#kill). The annotation value MUST have a valid value for the `config.StopSignal` property as defined in [the OCI image specification][oci-image-config-properties]. This annotation SHOULD only be used in accordance with the [OCI image specification's runtime conversion specification][oci-image-conversion]. |
+| `org.opencontainers.runtime.exec.isolated-cpu-affinity-transition` | Controls the CPU affinity of a process created with an exec into an existing container. This annotation supports these values:<br>`temporary`: to temporarily set the process CPU affinity to the first isolated CPU of the container cgroup cpuset<br>`definitive`: to definitively (i.e. permanently) set the process CPU affinity to the first isolated CPU of the container cgroup cpuset |
 
 All other keys in the `org.opencontainers` namespace not specified in this above table are reserved and MUST NOT be used by subsequent specifications.
 Runtimes MUST handle unknown annotation keys like any other [unknown property](#extensibility).