Download Runc
Alfonsa Pan
I'm not quite sure what docker meant by oci vs runc back when this question was asked, it was probably differentiating between a built-in runtime in the docker engine when they were forking off the runc code. That has long finished and you'll only see runc and containerd.runc runtimes in current docker installs. The reason the wording is confusing is because runc is an OCI project.
Although runC itself can create a container manifest (runc spec > config.json), the resulting file is pretty generic, and will probably still have to be filled in with many environmental variables. Why do that manually when the Docker engine captures that information automatically?
"runc" is a command line client for running applications packaged accordingto the Open Container Format (OCF) and is a compliant implementation ofthe Open Container Project specification. Other Packages Related to runc
- depends
- recommends
- suggests
- enhances
- dep:libc6 (>= 2.34) GNU C Library: Shared libraries
also a virtual package provided by libc6-udeb - dep:libgcc-s1 (>= 3.4) [ppc64] GCC support library
- dep:libgo22 [ppc64] Runtime library for GNU Go applications
- dep:libseccomp2 (>= 2.5.0) high level interface to Linux seccomp filter
- rec:criu checkpoint and restore in userspace Download runc Download for all available architectures ArchitecturePackage SizeInstalled SizeFiles amd642,681.3 kB8,667.0 kB [list of files] arm642,315.8 kB8,383.0 kB [list of files] armel2,277.9 kB8,270.0 kB [list of files] armhf2,273.5 kB8,238.0 kB [list of files] i3862,441.5 kB8,256.0 kB [list of files] mips64el2,058.8 kB9,620.0 kB [list of files] ppc64 (unofficial port)2,615.3 kB18,680.0 kB [list of files] ppc64el2,293.4 kB8,638.0 kB [list of files] riscv642,339.5 kB8,483.0 kB [list of files] s390x2,440.9 kB9,307.0 kB [list of files] This page is also available in the following languages (How to set the default document language):
If I try --allowerasing, sure that might work... but is it safe to erase these runc, podman and containerd files??? Will it work after that?It's so strange to be happening on such a major distro but I can't find a solid resolution.
From the error you can see that it has to do with runc and cgroup v2 but I am super uncertain if downgrading to cgroup v1 is the way to go here or not or if there is another core probelm. Thx for any help
runc is a command line client for running applications packaged according to the Open Container Initiative (OCI) format and is a compliant implementation of the Open Container Initiative specification
As I explained in Dockerless, part 1: Which tools to replace Docker with and why , there is an Open Containers Initiative (OCI) and specifications for how to run containers and manage container images. runc is compliant with this specification, but there are other runtimes that are OCI-compliant. You can even run OCI-compliant virtual machines.
There is no reason to use runc daily. It's one of those small internal utilities that is not meant to be used directly. But we are going to do it anyway, just to understand a bit better how containers work.
runc doesn't have a concept of "images", like Podman or Docker do. You can not just execute runc run nginx:latest. Instead, runc expects you to provide an "OCI bundle", which is basically a root filesystem and a config.json file.
What we copied is an OCI Image, but as we already know, runc needs OCI Runtime Bundle. We need a tool that would convert an Image to a Bundle. This tool will be umoci - an openSUSE utility with the only purpose of manipulating OCI images. To install it, grab latest release from Github Releases and make it available on your PATH. At the moment of writing, latest version is 0.4.5. umoci unpack takes an OCI image and makes a bundle out of it:
Let's inspect this container a bit closer by replacing command with sleep infinite and setting terminal option to "false" inside config.json. runc does not provide whole lot of command line arguments. It has commands like start, stop and run, but the configuration of container is always coming from the file, not from the command line:
In case of Docker, there is a central daemon that knows everything about containers. How is runc able to find our containers? It turns out, it just keeps the state on the filesystem, by default inside /run/runc/CONTAINER_NAME/state.json:
As we run in detached mode, there is no relation between original runc run command (there is no such process anymore) and this container process. If we check in the process table, we will see that parent process of the container is PID 1:
Detached mode is used by Docker, containerd, CRI-O and others. It's purpose is to simplify integration between runc and full-featured container management tools. Worth mentioning is that runc itself is not a library of some sort - it's a CLI. When other tools use runc, they invoke the same runc commands that we just saw in action.
conmon uses runc as a runtime via -r argument and application bundle specified by -b argument. If we inspect the directory that is passed as bundle, we will see a familiar config.json file, that points to the root filesystem and sets up a ton of different options. And if we check /run/runc directory, we will see the state for this container just as if we would execute runc directly:
In real work you will almost never do the things that I just showed you - unless you are developing your own or existing container tools. You must not assemble application bundles out of container images and you will be much better off using Podman instead of runc directly.
But it is very helpful to know what happens behind the scenes and what is really involved in running a container. There are still many layers between end user and the final container process, but if you have an understanding of the very last layer, then containers will stop being something magic and at times weird. In the end, it's just runc spawning a process within namespaces.
The most important part about runc is that it tracks the OCI runtime-spec. Even though practically every container these days is spawned with runc, it doesn't have to be spawned with runc. You can swap it with any other container runtime that follows the runtime-spec and your container engine like CRI-O is supposed to work the same way.
Both runc and Docker make use of libcontainer but have very different CLIs. If you would like to learn more about how to customise runc, add networking and much more then check out the official homepage at: runc.io or the Github repo.
Storage: At least one Portworx node should have extra storage available, either as an unformatted partition or as a disk-drive. Note that Portworx automatically formats any storage devices you pass as parameters to the px-runc installer. The following example command passes the /dev/sdb and /dev/sdc3 storage devices as parameters:
At this point, Docker still calls directly into the HCS. Going forward, however, container management tools expanding to include Windows containers and the Windows container host could call into containerd and runhcs the way they call on containerd and runc on Linux.
runhcs is a fork of runc. Like runc, runhcs is a command line client for running applications packaged according to the Open Container Initiative (OCI) format and is a compliant implementation of the Open Container Initiative specification.
The bundle directory (using -b bundle) is optional.As with runc, containers are configured using bundles. A container's bundle is the directory with the container's OCI specification file, "config.json". The default value for "bundle" is the current directory.
The first and second bullet points are super important. These features allows the container to be decoupled from the docker daemon allowing dockerd to be upgraded or restarted w/o impacting the running containers. Nifty! I mentioned that the shim is responsible for kicking off runc to actually run the container. Runc needs two things to do its job: a specification file and a path to a root file system image (the combination of the two is referred to as a bundle). To see how this works we can create a rootfs by exporting the alpine docker image:
This will create a specification file named config.json in your current directory. This file can be customized to suit your needs and requirements. Once you are happy with the file you can run runc with the rootfs directory as its sole argument (the container configuration will be read from the file config.json file):
Being able to create containers and play with the runc runtime specification is incredibly powerful. You can evaluate different apparmor profiles, test out Linux capabilities and play around with every facet of the container runtime environment without needing to install docker. I just barely scratched the surface here and would highly recommend reading through the runc and containerd documentation. Super cool stuff!
35fe9a5643