Skip to content

OCI Runtimes - Basics

homepage-banner

The OCI runtime is the executable launched by container engines. It configures the Linux kernel and subsystems to run the kernel, and its last step is to launch the container. The OCI runtime reads the OCI runtime-specification JSON file and configures the namespaces, security controls, and cgroups. Finally, it starts the container process.

Primary OCI runtime

runc

runc is the original OCI runtime. When the OCI was formed, Docker donated runc to serve as the default implementation of an OCI runtime.

Command Description
checkpoint Checkpoint a running container
create Creates a container
delete Deletes any resources held by the container often used with detached containers.
events Displays container events such as OOM notifications, CPU, memory, and IO usage statistics.
init Initializes the namespaces and launches the process.
kill Sends the specified signal (default: SIGTERM) to the container’s init process.
List Lists containers started by runc with the given root.
pause Suspends all processes inside the container.
ps Displays the processes running inside a container.
restore Restores a container from a previous checkpoint.
resume Resumes all processes that have been previously paused.
run Creates and runs a container.
spec Creates a new specification file.
start Executes the user defined process in a created container
state Outputs the state of a container.
update Updates container resource constraints.

crun

Crun is a fast and lightweight Open Container Initiative (OCI) runtime. It supports all the same commands and options as runc, but its executable is much smaller.

kata

Kata Containers is an open-source container runtime, available at https://katacontainers.io. It builds lightweight virtual machines that can seamlessly integrate into a container’s ecosystem.

gVisor

The gVisor website advertises itself as an application kernel for containers that provides efficient defense-in-depth. gVisor is a sandboxed container runtime that implements the OCI runtime specification.

Comparison

  • Open Container Initiative (OCI) Runtimes
  • Native Runtimes
    • runC
    • Railcar
    • Crun
    • rkt
  • Sandboxed and Virtualized Runtimes
    • gviso
    • nabla-containers
    • runV
    • clearcontainers
    • kata-containers
  • Container Runtime Interface
  • containerd
  • cri-o

Reference

  • Podman in Action The next generation of container engines (Dan Walsh)
  • https://opencontainers.org
  • https://github.com/opencontainers/runc
  • https://github.com/containers/crun
  • https://katacontainers.io
  • https://gvisor.dev
  • https://containerlab.dev/
Leave a message