[![Build Status](https://jenkins.dockerproject.org/buildStatus/icon?job=runc Master)](https://jenkins.dockerproject.org/job/runc Master)

## runc

`runc` is a CLI tool for spawning and running containers according to the OCI specification.

## State of the project

Currently `runc` is an implementation of the OCI specification.
We are currently sprinting to have a v1 of the spec out, so the `runc` config format will keep changing until the spec is finalized.
However, we encourage you to try out the tool and give feedback.

### OCI

How does `runc` integrate with the Open Container Initiative Specification?
`runc` depends on the types specified in the [specs](https://github.com/opencontainers/runtime-spec) repository.
Whenever the specification is updated and ready to be versioned, `runc` will update its dependency on the specs repository and support the updated spec.

### Building:

At the time of writing, runc only builds on the Linux platform.

```bash
# create a 'github.com/opencontainers' in your GOPATH/src
cd github.com/opencontainers
git clone https://github.com/opencontainers/runc
cd runc
make
sudo make install
```

To enable seccomp support you will need to install libseccomp on your platform.
If you do not want to build `runc` with seccomp support, you can add `BUILDTAGS=""` when running make.

#### Build Tags

`runc` supports optional build tags for compiling in support for various features.

| Build Tag | Feature                            | Dependency  |
|-----------|------------------------------------|-------------|
| seccomp   | Syscall filtering                  | libseccomp  |
| selinux   | selinux process and mount labeling |             |
| apparmor  | apparmor profile support           | libapparmor |

### Testing:

You can run the tests for runC with the command:

```bash
# make test
```

Note that the test cases run inside a Docker container, so you need to install `docker` first.
The tests also require cgroups to be mounted inside the container. Docker now does this itself, so you need a docker version newer than 1.8.0-rc2.

You can also run specific test cases with:

```bash
# make test TESTFLAGS="-run=SomeTestFunction"
```

### Using:

To run a container with the id "test", execute `runc run` in the bundle's root directory with the container's id as the first argument:

```bash
runc run test
/ $ ps
PID   USER     COMMAND
1     daemon   sh
5     daemon   sh
/ $
```

### OCI Container JSON Format:

The OCI container JSON format is based on the OCI [specs](https://github.com/opencontainers/runtime-spec).
You can generate JSON files by using `runc spec`.
It assumes that the file system is found in a directory called `rootfs` and that a user with uid and gid of `0` is defined within that file system.

### Examples:

#### Using a Docker image (requires version 1.3 or later)

To test using Docker's `busybox` image, follow these steps:

* Install `docker` and download the `busybox` image: `docker pull busybox`
* Create a container from that image and export its contents into a directory:

```
mkdir rootfs
docker export $(docker create busybox) | tar -C rootfs -xvf -
```

* Create `config.json` by using `runc spec`.
* Execute `runc run` and you should be placed into a shell where you can run `ps`:

```
$ runc run test
/ # ps
PID   USER     COMMAND
    1 root     sh
    9 root     ps
```

#### Using runc with systemd

To use runc with systemd, you can create a unit file `/usr/lib/systemd/system/minecraft.service` as below (edit the Description, WorkingDirectory and service name as you need).

```service
[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/sbin/runc run minecraft
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild

[Install]
WantedBy=multi-user.target
```

Make sure the bundle's root directory and JSON configs are in your WorkingDirectory, then use systemd commands to start the service:

```bash
systemctl daemon-reload
systemctl start minecraft.service
```

Note that if you use the JSON configs generated by `runc spec`, you need to modify `config.json` and change `process.terminal` to false so that runc won't create a tty, because a terminal can't be set up from stdin when running as a systemd service.
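One way to script the `config.json` change described in the systemd note, with a check that the bundle's root filesystem exists before the service is started. This is an added example, not part of the runc project; the function names are hypothetical, and the `root.path` and `process.user.uid` fields are assumed from the OCI runtime spec rather than taken from this README.

```python
import json
import os
import tempfile

# Constructed sample, trimmed to the fields read below; a real `runc spec`
# config.json has many more fields, which are written back untouched.
SAMPLE_CONFIG = {
    "ociVersion": "1.0.0",
    "process": {"terminal": True, "user": {"uid": 0, "gid": 0}, "args": ["sh"]},
    "root": {"path": "rootfs"},
}


def prepare_for_systemd(bundle_dir):
    """Check a bundle and set process.terminal to false; return findings."""
    config_path = os.path.join(bundle_dir, "config.json")
    if not os.path.isfile(config_path):
        raise ValueError("no config.json in bundle: " + bundle_dir)
    with open(config_path) as fh:
        config = json.load(fh)

    # root.path is resolved relative to the bundle unless it is absolute.
    root_path = os.path.join(bundle_dir, config.get("root", {}).get("path", "rootfs"))
    if not os.path.isdir(root_path):
        raise ValueError("root filesystem not found: " + root_path)

    findings = []
    process = config.setdefault("process", {})
    if process.get("terminal", False):
        process["terminal"] = False
        with open(config_path, "w") as fh:
            json.dump(config, fh, indent=4)
            fh.write("\n")
        findings.append("process.terminal changed to false")
    if process.get("user", {}).get("uid", 0) == 0:
        findings.append("container process runs as uid 0")
    return findings


def demo():
    """Build a throwaway bundle from SAMPLE_CONFIG and run the check on it."""
    with tempfile.TemporaryDirectory() as bundle:
        os.mkdir(os.path.join(bundle, "rootfs"))
        with open(os.path.join(bundle, "config.json"), "w") as fh:
            json.dump(SAMPLE_CONFIG, fh)
        findings = prepare_for_systemd(bundle)
        with open(os.path.join(bundle, "config.json")) as fh:
            return findings, json.load(fh)
```

Run `prepare_for_systemd` against the directory named in the unit's `WorkingDirectory` before `systemctl start`; a second run on the same bundle reports only the uid finding, since the file is rewritten only when `process.terminal` was true.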