• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

Godeps/H25-Apr-2016-

libcontainer/H25-Apr-2016-

man/H25-Apr-2016-

script/H25-Apr-2016-

tests/H25-Apr-2016-

.gitignoreH A D25-Apr-201679

CONTRIBUTING.mdH A D25-Apr-20164.8 KiB

DockerfileH A D25-Apr-201669

LICENSEH A D25-Apr-201610.5 KiB

MAINTAINERSH A D25-Apr-2016419

MAINTAINERS_GUIDE.mdH A D25-Apr-20165.5 KiB

MakefileH A D25-Apr-20161.4 KiB

NOTICEH A D25-Apr-2016518

PRINCIPLES.mdH A D25-Apr-20161.1 KiB

README.mdH A D25-Apr-20164.3 KiB

checkpoint.goH A D25-Apr-20162.9 KiB

delete.goH A D25-Apr-20161.2 KiB

events.goH A D25-Apr-20162.3 KiB

exec.goH A D25-Apr-20164.5 KiB

kill.goH A D25-Apr-20162.2 KiB

list.goH A D25-Apr-20162.8 KiB

main.goH A D25-Apr-20163.4 KiB

main_unix.goH A D25-Apr-201694

main_unsupported.goH A D25-Apr-2016232

pause.goH A D25-Apr-20161.2 KiB

restore.goH A D25-Apr-20164.8 KiB

rlimit_linux.goH A D25-Apr-20161.6 KiB

signals.goH A D25-Apr-20162.9 KiB

spec.goH A D25-Apr-20166.2 KiB

start.goH A D25-Apr-20163.8 KiB

state.goH A D25-Apr-20162.1 KiB

tty.goH A D25-Apr-20162.6 KiB

utils.goH A D25-Apr-20167.4 KiB

README.md

1[![Build Status](https://jenkins.dockerproject.org/buildStatus/icon?job=runc Master)](https://jenkins.dockerproject.org/job/runc Master)
2
3## runc
4
5`runc` is a CLI tool for spawning and running containers according to the OCF specification.
6
7## State of the project
8
9Currently `runc` is an implementation of the OCI specification.  We are currently sprinting
10to have a v1 of the spec out. So the `runc` config format will be constantly changing until
11the spec is finalized. However, we encourage you to try out the tool and give feedback.
12
13### OCF
14
15How does `runc` integrate with the Open Container Initiative Specification?
16`runc` depends on the types specified in the
17[specs](https://github.com/opencontainers/runtime-spec) repository. Whenever the
18specification is updated and ready to be versioned `runc` will update its dependency
19on the specs repository and support the update spec.
20
21### Building:
22
23At the time of writing, runc only builds on the Linux platform.
24
25```bash
26# create a 'github.com/opencontainers' in your GOPATH/src
27cd github.com/opencontainers
28git clone https://github.com/opencontainers/runc
29cd runc
30make
31sudo make install
32```
33
34In order to enable seccomp support you will need to install libseccomp on your platform.
35If you do not want to build `runc` with seccomp support you can add `BUILDTAGS=""` when running make.
36
37#### Build Tags
38
39`runc` supports optional build tags for compiling in support for various features.
40
41
42| Build Tag | Feature                            | Dependency  |
43|-----------|------------------------------------|-------------|
44| seccomp   | Syscall filtering                  | libseccomp  |
45| selinux   | selinux process and mount labeling | <none>      |
46| apparmor  | apparmor profile support           | libapparmor |
47
48### Testing:
49
50You can run tests for runC by using command:
51
52```bash
53# make test
54```
55
56Note that test cases are run in Docker container, so you need to install
57`docker` first. And test requires mounting cgroups inside container, it's
58done by docker now, so you need a docker version newer than 1.8.0-rc2.
59
60You can also run specific test cases by:
61
62```bash
63# make test TESTFLAGS="-run=SomeTestFunction"
64```
65
66### Using:
67
68To run a container with the id "test", execute `runc start` with the containers id as arg one
69in the bundle's root directory:
70
71```bash
72runc start test
73/ $ ps
74PID   USER     COMMAND
751     daemon   sh
765     daemon   sh
77/ $
78```
79
80### OCI Container JSON Format:
81
82OCI container JSON format is based on OCI [specs](https://github.com/opencontainers/runtime-spec).
83You can generate JSON files by using `runc spec`.
84It assumes that the file-system is found in a directory called
85`rootfs` and there is a user with uid and gid of `0` defined within that file-system.
86
87### Examples:
88
89#### Using a Docker image (requires version 1.3 or later)
90
91To test using Docker's `busybox` image follow these steps:
92* Install `docker` and download the `busybox` image: `docker pull busybox`
93* Create a container from that image and export its contents to a tar file:
94`docker export $(docker create busybox) > busybox.tar`
95* Untar the contents to create your filesystem directory:
96```
97mkdir rootfs
98tar -C rootfs -xf busybox.tar
99```
100* Create `config.json` by using `runc spec`.
101* Execute `runc start` and you should be placed into a shell where you can run `ps`:
102```
103$ runc start test
104/ # ps
105PID   USER     COMMAND
106    1 root     sh
107    9 root     ps
108```
109
110#### Using runc with systemd
111
112To use runc with systemd, you can create a unit file
113`/usr/lib/systemd/system/minecraft.service` as below (edit your
114own Description or WorkingDirectory or service name as you need).
115
116```service
117[Unit]
118Description=Minecraft Build Server
119Documentation=http://minecraft.net
120After=network.target
121
122[Service]
123CPUQuota=200%
124MemoryLimit=1536M
125ExecStart=/usr/local/bin/runc start minecraft
126Restart=on-failure
127WorkingDirectory=/containers/minecraftbuild
128
129[Install]
130WantedBy=multi-user.target
131```
132
133Make sure you have the bundle's root directory and JSON configs in
134your WorkingDirectory, then use systemd commands to start the service:
135
136```bash
137systemctl daemon-reload
138systemctl start minecraft.service
139```
140
141Note that if you use JSON configs by `runc spec`, you need to modify
142`config.json` and change `process.terminal` to false so runc won't
143create tty, because we can't set terminal from the stdin when using
144systemd service.
145