Open Container Initiative

Announcing runC - a lightweight universal runtime container.

About runC

runC is a CLI tool for spawning and running containers according to the OCI specification. The code can be found on Github.

Embeddable

Containers are started as a child process of runC and can be embedded into various other systems without having to run a daemon.

Battle Hardened

runC is built on libcontainer, the same container technology powering millions of Docker Engine installations.

Unopinionated

runC does not force you to have a particular workflow or deployment setup, it only requires a root filesystem and configuration.

Getting started

runC only requires a root filesystem and a configuration in order to start containers.

Creation and extraction of root filesystems is beyond the scope of runC, however you could use Docker to generate a filesystem for a runC container.

$ mkdir /tmp/myapp/rootfs
$ docker export myapp | tar xvfC - /tmp/myapp/rootfs

The OCI also defines an image specification, and there are a variety of tools that are available that also allow you to create a root filesystem using OCI images. Examples of such tools include oci-image-tools, skopeo, and umoci.

$ skopeo copy docker://busybox:latest oci:busybox:latest
$ oci-create-runtime-bundle busybox /tmp/myapp
$ umoci unpack --image busybox:latest /tmp/myapp

Or you can start with just a directory that has a root filesystem already in it:

$ ls /tmp/myapp/rootfs
bin      etc      lib      linuxrc  mnt      proc     run      sys      usr
dev      home     lib64    media    opt      root     sbin     tmp      var

In the parent directory, create an OCI runtime configuration file, or let runC generate one for you.

$ cd /tmp/myapp
$ runc spec
$ ls
config.json  rootfs

Edit the config.json to your liking, to specify the commands you would like to run, or any other options. You can now run a container with runC.

$ runc run container-name
sh-4.4#

runC also supports the concept of creating and starting a container as separate operations.

$ runc create container-name
$ # Do some further set up.
$ runc start container-name

Systemd Integration

runC does not create a daemon, so it integrates well with systemd.

[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/sbin/runc run -d --pid-file /run/minecraft.pid minecraft-build-container
ExecStopPost=/usr/local/sbin/runc delete minecraft-build-container
WorkingDirectory=/opt/minecraft
PIDFile=/run/minecraft.pid

[Install]
WantedBy=multi-user.target