Skip to content

Commit a2b789d

Browse files
committed
fix(docs): scope fenced code language linting
1 parent af5e73d commit a2b789d

3 files changed

Lines changed: 13 additions & 9 deletions

File tree

.markdownlint-cli2.jsonc

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,8 @@
2323
"MD024": { "siblings_only": true },
2424
// Bare URLs are fine in changelogs and tables.
2525
"MD034": false,
26+
// Internal docs commonly use bare fences for diagrams and terminal sketches.
27+
"MD040": false,
2628
// First line does not need to be a heading.
2729
"MD002": false,
2830
// Repo uses padded table pipes (`| foo | bar |`); rule default is "compact".

architecture/podman-rootless-networking.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ For rootful bridge networking:
3535
6. Netavark configures iptables/nftables rules -- masquerade for outbound, DNAT for port mappings
3636
7. Netavark starts aardvark-dns if DNS is enabled, listening on the bridge gateway address
3737

38-
```text
38+
```
3939
Host Kernel
4040
|
4141
+-- Bridge interface (e.g., "podman0") <-- created by Netavark
@@ -60,7 +60,7 @@ Unprivileged users cannot create network interfaces on the host. They cannot cre
6060

6161
Pasta (part of the `passt` project -- same binary, different command name) operates entirely in userspace, translating between the container's L2 TAP interface and the host's L4 sockets. It requires no capabilities or privileges.
6262

63-
```text
63+
```
6464
Container Network Namespace
6565
|
6666
+-- TAP device (e.g., "eth0")
@@ -131,7 +131,7 @@ Unlike bridge networking, pasta containers are isolated from each other by defau
131131

132132
The Podman compute driver creates three layers of network isolation:
133133

134-
```text
134+
```
135135
Namespace 1: Host
136136
|
137137
pasta manages port forwarding (127.0.0.1:<ephemeral>)
@@ -164,7 +164,7 @@ client.ensure_network(&config.network_name).await?;
164164

165165
This creates a bridge network named `"openshell"` (default from `DEFAULT_NETWORK_NAME` in `openshell-core/src/config.rs`) with `dns_enabled: true`. In rootless mode, this bridge exists inside a user namespace managed by pasta. The bridge IP range (e.g., `10.89.x.x`) is not routable from the host.
166166

167-
```text
167+
```
168168
Host (your machine)
169169
|
170170
127.0.0.1:<ephemeral> <--- pasta binds this on the host
@@ -212,7 +212,7 @@ The bridge gateway IP does NOT work for this purpose in rootless mode because it
212212

213213
Inside the container, the supervisor creates another network namespace (`netns.rs:53-178`, setup at lines 53-63, `ip netns add` at line 77) for the user workload:
214214

215-
```text
215+
```
216216
Container (10.89.1.2 on the Podman bridge)
217217
|
218218
[Supervisor process - runs in container's default netns]
@@ -247,7 +247,7 @@ A tmpfs is mounted at `/run/netns` in the container spec (`container.rs:458-463`
247247

248248
### SSH Session: Client to Sandbox Shell
249249

250-
```text
250+
```
251251
Client (CLI on user's machine)
252252
|
253253
1. gRPC: CreateSshSession -> gateway (returns token, connect_path)
@@ -281,7 +281,7 @@ The SSH daemon listens on a Unix socket (not a TCP port) with 0600 permissions.
281281

282282
### Outbound HTTP Request from Sandbox Process
283283

284-
```text
284+
```
285285
User's code (inner netns, 10.200.0.2)
286286
|
287287
1. curl https://api.example.com
@@ -306,7 +306,7 @@ Supervisor proxy (10.200.0.1:3128 in container netns)
306306

307307
### Supervisor gRPC Callback to Gateway
308308

309-
```text
309+
```
310310
Supervisor (container netns, 10.89.x.2)
311311
|
312312
1. gRPC connect to http://host.containers.internal:8080

docs/.markdownlint-cli2.jsonc

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@
33
// MDX pages get their title from Fern frontmatter, not a top-level H1.
44
"MD041": false,
55
// MDX uses JSX components (<Callout>, <CodeBlock>, ...) that look like HTML.
6-
"MD033": false
6+
"MD033": false,
7+
// Published docs should label fenced code blocks for rendering and copy UX.
8+
"MD040": true
79
}
810
}

0 commit comments

Comments
 (0)