Week 24 - Polish, Defense, Distribution
24.1 Conceptual Core
The final week is polish: integration tests, documentation, performance profiling, and a publishable release.
24.2 Mechanical Detail - Polish Checklist
- All OCI lifecycle commands implemented (`create`, `start`, `state`, `kill`, `delete`).
- State persistence: `/run/minidocker/<id>/state.json` so `state` works across the supervisor's restart.
- Hooks: `prestart`, `poststart`, `poststop` from the OCI spec (at least skeletal support).
- Console / TTY support if the spec sets `terminal: true`.
- Signal forwarding from supervisor to PID 1 inside.
- Cleanup on error: cgroups removed, mounts unmounted, namespaces released.
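One way to implement the state-persistence item, as an added Go example that is not part of the original course material. The `root` parameter, the function names and the sample values in `main` are assumptions made for illustration, and the container ID is assumed to have been validated by the caller before it is used as a path component.

```go
package main

import (
	"encoding/json"
	"os"
	"path/filepath"
	"syscall"
)

// State holds the fields of the OCI runtime-spec state object (annotations omitted).
type State struct {
	OCIVersion string `json:"ociVersion"`
	ID         string `json:"id"`
	Status     string `json:"status"` // creating, created, running, stopped
	Pid        int    `json:"pid,omitempty"`
	Bundle     string `json:"bundle"`
}

// SaveState writes state.json via temp file + rename (no torn file after a crash).
func SaveState(root string, s State) error {
	dir := filepath.Join(root, s.ID) // s.ID is assumed already validated
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return err
	}
	data, _ := json.Marshal(s) // cannot fail for this plain struct
	tmp := filepath.Join(dir, "state.json.tmp")
	if err := os.WriteFile(tmp, data, 0o600); err != nil {
		return err
	}
	return os.Rename(tmp, filepath.Join(dir, "state.json"))
}

// LoadState is what a restarted supervisor would call to answer `state`.
func LoadState(root, id string) (s State, err error) {
	data, err := os.ReadFile(filepath.Join(root, id, "state.json"))
	if err == nil {
		err = json.Unmarshal(data, &s)
	}
	// Signal 0 only probes for existence; ESRCH means the recorded pid has exited.
	if err == nil && s.Pid > 0 && syscall.Kill(s.Pid, 0) == syscall.ESRCH {
		s.Status, s.Pid = "stopped", 0
	}
	return s, err
}

func main() {
	root, _ := os.MkdirTemp("", "minidocker") // stand-in for /run/minidocker
	_ = SaveState(root, State{"1.0.2", "demo", "running", os.Getpid(), "/bundle"})
	s, err := LoadState(root, "demo")
	println(s.Status, s.Pid, err == nil)
}
```

The signal-0 probe cannot tell the original process from an unrelated one that later received the same PID, so a stricter check would also record and compare the process start time.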
24.3 Lab - "Defend the Project"
Schedule a 45-minute mock review:
- Live demo: build, run a container, exec into it, observe isolation.
- Walk through the lifecycle code with the OCI spec open beside it.
- Demo a hardened run (cgroups + caps + seccomp + LSM) and verify isolation.
- Compare with runc/crun: what's missing? What's different? Why is your design simpler?
24.4 Hardening Drill
- Run your runtime against `runc`'s integration test suite (where applicable). Document which subset passes; explain the gaps.
24.5 Production Readiness Slice
- Tag `v0.1.0`. Generate a release artifact (`goreleaser` for Go; `cargo dist` for Rust). Sign with cosign. Publish.
Month 6 Deliverable
The mini-Docker, plus the aggregated container-mastery/ repo containing every prior month's deliverable.