docs: Update documentation

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>

docs/external-disk.md

@@ -39,20 +39,9 @@ To simplify the process, two `onboot` images are available for you to use:
 ```yml
 onboot:
   - name: format
-    image: "linuxkit/format:fdbfda789fe30a97ff194a06ac51ee0ff6b3ccf4"
-    binds:
-     - /dev:/dev
-    capabilities:
-     - CAP_SYS_ADMIN
-     - CAP_MKNOD
+    image: "linuxkit/format:55afe08816c2a4d8dbae3ee51ef53e0bee422d66"
   - name: mount
-    image: "linuxkit/mount:ad138d252798d9d0d6779f7f4d35b7fbcbbeefb9"
-    binds:
-     - /dev:/dev
-     - /var:/var:rshared,rbind
-    capabilities:
-     - CAP_SYS_ADMIN
-    rootfsPropagation: shared
+    image: "linuxkit/mount:15e20f27abe69d276f796e4026531833ec5ff345"
     command: ["/mount.sh", "/var/external"]
 ```
 
@@ -62,10 +51,12 @@ Notice several key points:
     * The format container needs to have bind mounts for `/dev`
     * The format container needs `CAP_SYS_ADMIN` and `CAP_MKNOD` capabilities
     * The format container only needs to run **once**, not matter how many external disks or partitions are provided. It finds all block devices under `/dev` and processes them.
+    * The default container config should be sufficient
 2. mount container
     * The mount container `command` is `mount.sh` followed by the desired mount point. Remember that nearly everything in a linuxkit image is read-only except under `/var`, so mount it there.
     * The mount container needs to have bind mounts for `/dev` and `/var`
     * The mount container needs `CAP_SYS_ADMIN` capabilities
     * The mount container needs `rootfsPropagation: shared`
+    * The default container config should be sufficient, though the `mount.sh` command needs to be specified
 
 With the above in place, if run with the current disk options, the image will make the external disk available as `/dev/vda1` and mount it at `/var/external`.

docs/yaml.md

@@ -50,8 +50,7 @@ The image name may include tag or digest, but the matching also succeeds if the
 ## Image specification
 
 For each image in the `system` and `daemon` sections you can specify the OCI options that are passed to
-`runc`, so you can specify what capabilities are needed and so on. Generally there are few defaults.
-For more details see the [OCI specification](https://github.com/opencontainers/runtime-spec/blob/master/spec.md).
+`runc`, so you can specify what capabilities are needed and so on. Most LinuxKit packages now define defaults in the `org.mobyproject.config` image label. For more details see the [OCI specification](https://github.com/opencontainers/runtime-spec/blob/master/spec.md).
 
 - `name` a unique name for the program being executed, used as the `containerd` id.
 - `image` the Docker image to use for the root filesystem. The default command, path and environment are

pkg/swap/README.md

@@ -8,16 +8,7 @@ Normally, unless you are running explicitly in a desktop version, LinuxKit image
 ```
 onboot:
   - name: swap
-    image: "linuxkit/swap:c4c723a3d6678dc49770181bbb231ec99b271c75"
-    net: host
-    pid: host
-    capabilities:
-     - CAP_SYS_ADMIN
-     - CAP_MKNOD
-    readonly: true
-    binds:
-     - /dev:/dev
-     - /var:/var
+    image: "linuxkit/swap:085f0088dd1ef2f994e707e438218ea4d41bad13"
     command: ["swap.sh","--path","/var/external/swap","--size","2G"]
 ```