OCI
Definition
OCI, or Open Container Initiative, is an open governance structure for the express purpose of creating open industry standards around container formats and runtimes. It aims to ensure that container technology remains open and vendor-neutral, allowing for interoperability and consistency across different platforms and environments. The OCI provides specifications for container runtime and image formats, which are widely adopted in the container ecosystem.
Secure Settings Example
# Example of a secure OCI container runtime configuration
{
"ociVersion": "1.0.2",
"process": {
"user": {
"uid": 1000,
"gid": 1000
},
"capabilities": {
"bounding": [
"CAP_NET_BIND_SERVICE",
"CAP_CHOWN"
]
},
"noNewPrivileges": true
},
"root": {
"path": "rootfs",
"readonly": true
},
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc",
"options": ["nosuid", "noexec", "nodev"]
}
]
}
Insecure Settings Example
# Example of an insecure OCI container runtime configuration
{
"ociVersion": "1.0.2",
"process": {
"user": {
"uid": 0,
"gid": 0
},
"capabilities": {
"bounding": [
"CAP_SYS_ADMIN",
"CAP_NET_ADMIN"
]
},
"noNewPrivileges": false
},
"root": {
"path": "rootfs",
"readonly": false
},
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc",
"options": []
}
]
}