Name: runc
Owner: Rancher
Description: runc container cli tools
Created: 2015-11-23 22:06:56.0
Updated: 2017-10-28 00:25:57.0
Pushed: 2017-10-31 12:27:32.0
Size: 2199
Language: Go
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
runc
is a CLI tool for spawning and running containers according to the OCF specification.
Currently runc
is an implementation of the OCI specification. We are currently sprinting
to have a v1 of the spec out within a quick timeframe of a few weeks, ~July 2015,
so the runc
config format will be constantly changing until
the spec is finalized. However, we encourage you to try out the tool and give feedback.
How does runc
integrate with the Open Container Initiative Specification?
runc
depends on the types specified in the
specs repository. Whenever the
specification is updated and ready to be versioned runc
will update its dependency
on the specs repository and support the update spec.
At the time of writing, runc only builds on the Linux platform.
eate a 'github.com/opencontainers' in your GOPATH/src
ithub.com/opencontainers
clone https://github.com/opencontainers/runc
unc
make install
In order to enable seccomp support you will need to install libseccomp on your platform.
If you do not with to build runc
with seccomp support you can add BUILDTAGS=""
when running make.
runc
supports optional build tags for compiling in support for various features.
| Build Tag | Feature | Dependency |
|———–|————————————|————-|
| seccomp | Syscall filtering | libseccomp |
| selinux | selinux process and mount labeling |
You can run tests for runC by using command:
ke test
Note that test cases are run in Docker container, so you need to install
docker
first. And test requires mounting cgroups inside container, it's
done by docker now, so you need a docker version newer than 1.8.0-rc2.
You can also run specific test cases by:
ke test TESTFLAGS="-run=SomeTestFunction"
To run a container, execute runc start
in the bundle's root directory:
start
ps
USER COMMAND
daemon sh
daemon sh
Below are sample config.json
and runtime.json
configuration files. It assumes that
the file-system is found in a directory called rootfs
and there is a
user with uid and gid of 0
defined within that file-system.
config.json
:
"version": "0.1.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"user": {
"uid": 0,
"gid": 0,
"additionalGids": null
},
"args": [
"sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": ""
},
"root": {
"path": "rootfs",
"readonly": true
},
"hostname": "shell",
"mounts": [
{
"name": "proc",
"path": "/proc"
},
{
"name": "dev",
"path": "/dev"
},
{
"name": "devpts",
"path": "/dev/pts"
},
{
"name": "shm",
"path": "/dev/shm"
},
{
"name": "mqueue",
"path": "/dev/mqueue"
},
{
"name": "sysfs",
"path": "/sys"
},
{
"name": "cgroup",
"path": "/sys/fs/cgroup"
}
],
"linux": {
"capabilities": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
]
}
runtime.json
:
"mounts": {
"proc": {
"type": "proc",
"source": "proc",
"options": null
},
"dev": {
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
"devpts": {
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
"shm": {
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
"mqueue": {
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
"sysfs": {
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
"cgroup": {
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
},
"hooks": {
"prestart": null,
"poststop": null
},
"linux": {
"uidMappings": null,
"gidMappings": null,
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"sysctl": null,
"resources": {
"disableOOMKiller": false,
"memory": {
"limit": 0,
"reservation": 0,
"swap": 0,
"kernel": 0,
"swappiness": -1
},
"cpu": {
"shares": 0,
"quota": 0,
"period": 0,
"realtimeRuntime": 0,
"realtimePeriod": 0,
"cpus": "",
"mems": ""
},
"pids": {
"limit": 0
},
"blockIO": {
"blkioWeight": 0,
"blkioWeightDevice": "",
"blkioThrottleReadBpsDevice": "",
"blkioThrottleWriteBpsDevice": "",
"blkioThrottleReadIopsDevice": "",
"blkioThrottleWriteIopsDevice": ""
},
"hugepageLimits": null,
"network": {
"classId": "",
"priorities": null
}
},
"cgroupsPath": "",
"namespaces": [
{
"type": "pid",
"path": ""
},
{
"type": "network",
"path": ""
},
{
"type": "ipc",
"path": ""
},
{
"type": "uts",
"path": ""
},
{
"type": "mount",
"path": ""
}
],
"devices": [
{
"path": "/dev/null",
"type": 99,
"major": 1,
"minor": 3,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/random",
"type": 99,
"major": 1,
"minor": 8,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/full",
"type": 99,
"major": 1,
"minor": 7,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/tty",
"type": 99,
"major": 5,
"minor": 0,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/zero",
"type": 99,
"major": 1,
"minor": 5,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/urandom",
"type": 99,
"major": 1,
"minor": 9,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
}
],
"apparmorProfile": "",
"selinuxProcessLabel": "",
"seccomp": {
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": []
},
"rootfsPropagation": ""
}
To test using Docker's busybox
image follow these steps:
docker
and download the busybox
image: docker pull busybox
docker export $(docker create busybox) > busybox.tar
r rootfs
-C rootfs -xf busybox.tar
config.json
and runtime.json
using the example from above. You can also
generate a spec using runc spec
, which will create those files for you.runc start
and you should be placed into a shell where you can run ps
:nc start
ps
USER COMMAND
ot sh
ot ps
To use runc with systemd, you can create a unit file
/usr/lib/systemd/system/minecraft.service
as below (edit your
own Description or WorkingDirectory or service name as you need).
t]
ription=Minecraft Build Server
mentation=http://minecraft.net
r=network.target
vice]
uota=200%
ryLimit=1536M
Start=/usr/local/bin/runc start
art=on-failure
ingDirectory=/containers/minecraftbuild
tall]
edBy=multi-user.target
Make sure you have the bundle's root directory and JSON configs in your WorkingDirectory, then use systemd commands to start the service:
emctl daemon-reload
emctl start minecraft.service
Note that if you use JSON configs by runc spec
, you need to modify
config.json
and change process.terminal
to false so runc won't
create tty, because we can't set terminal from the stdin when using
systemd service.