Name: runc
Owner: Rancher
Description: runc container cli tools
Created: 2015-11-23 22:06:56.0
Updated: 2017-10-28 00:25:57.0
Pushed: 2017-10-31 12:27:32.0
Size: 2199
Language: Go
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
runc is a CLI tool for spawning and running containers according to the OCF specification.
Currently runc is an implementation of the OCI specification. We are currently sprinting
to have a v1 of the spec out within a quick timeframe of a few weeks, ~July 2015,
so the runc config format will be constantly changing until
the spec is finalized. However, we encourage you to try out the tool and give feedback.
How does runc integrate with the Open Container Initiative Specification?
runc depends on the types specified in the
specs repository. Whenever the
specification is updated and ready to be versioned runc will update its dependency
on the specs repository and support the update spec.
At the time of writing, runc only builds on the Linux platform.
eate a 'github.com/opencontainers' in your GOPATH/src
ithub.com/opencontainers
clone https://github.com/opencontainers/runc
unc
make install
In order to enable seccomp support you will need to install libseccomp on your platform.
If you do not with to build runc with seccomp support you can add BUILDTAGS="" when running make.
runc supports optional build tags for compiling in support for various features.
| Build Tag | Feature | Dependency |
|———–|————————————|————-|
| seccomp | Syscall filtering | libseccomp |
| selinux | selinux process and mount labeling |
You can run tests for runC by using command:
ke test
Note that test cases are run in Docker container, so you need to install
docker first. And test requires mounting cgroups inside container, it's
done by docker now, so you need a docker version newer than 1.8.0-rc2.
You can also run specific test cases by:
ke test TESTFLAGS="-run=SomeTestFunction"
To run a container, execute runc start in the bundle's root directory:
start
ps
USER COMMAND
daemon sh
daemon sh
Below are sample config.json and runtime.json configuration files. It assumes that
the file-system is found in a directory called rootfs and there is a
user with uid and gid of 0 defined within that file-system.
config.json:
"version": "0.1.0",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"user": {
"uid": 0,
"gid": 0,
"additionalGids": null
},
"args": [
"sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": ""
},
"root": {
"path": "rootfs",
"readonly": true
},
"hostname": "shell",
"mounts": [
{
"name": "proc",
"path": "/proc"
},
{
"name": "dev",
"path": "/dev"
},
{
"name": "devpts",
"path": "/dev/pts"
},
{
"name": "shm",
"path": "/dev/shm"
},
{
"name": "mqueue",
"path": "/dev/mqueue"
},
{
"name": "sysfs",
"path": "/sys"
},
{
"name": "cgroup",
"path": "/sys/fs/cgroup"
}
],
"linux": {
"capabilities": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
]
}
runtime.json:
"mounts": {
"proc": {
"type": "proc",
"source": "proc",
"options": null
},
"dev": {
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
"devpts": {
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
"shm": {
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
"mqueue": {
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
"sysfs": {
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
"cgroup": {
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
},
"hooks": {
"prestart": null,
"poststop": null
},
"linux": {
"uidMappings": null,
"gidMappings": null,
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"sysctl": null,
"resources": {
"disableOOMKiller": false,
"memory": {
"limit": 0,
"reservation": 0,
"swap": 0,
"kernel": 0,
"swappiness": -1
},
"cpu": {
"shares": 0,
"quota": 0,
"period": 0,
"realtimeRuntime": 0,
"realtimePeriod": 0,
"cpus": "",
"mems": ""
},
"pids": {
"limit": 0
},
"blockIO": {
"blkioWeight": 0,
"blkioWeightDevice": "",
"blkioThrottleReadBpsDevice": "",
"blkioThrottleWriteBpsDevice": "",
"blkioThrottleReadIopsDevice": "",
"blkioThrottleWriteIopsDevice": ""
},
"hugepageLimits": null,
"network": {
"classId": "",
"priorities": null
}
},
"cgroupsPath": "",
"namespaces": [
{
"type": "pid",
"path": ""
},
{
"type": "network",
"path": ""
},
{
"type": "ipc",
"path": ""
},
{
"type": "uts",
"path": ""
},
{
"type": "mount",
"path": ""
}
],
"devices": [
{
"path": "/dev/null",
"type": 99,
"major": 1,
"minor": 3,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/random",
"type": 99,
"major": 1,
"minor": 8,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/full",
"type": 99,
"major": 1,
"minor": 7,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/tty",
"type": 99,
"major": 5,
"minor": 0,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/zero",
"type": 99,
"major": 1,
"minor": 5,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/urandom",
"type": 99,
"major": 1,
"minor": 9,
"permissions": "rwm",
"fileMode": 438,
"uid": 0,
"gid": 0
}
],
"apparmorProfile": "",
"selinuxProcessLabel": "",
"seccomp": {
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": []
},
"rootfsPropagation": ""
}
To test using Docker's busybox image follow these steps:
docker and download the busybox image: docker pull busyboxdocker export $(docker create busybox) > busybox.tarr rootfs
-C rootfs -xf busybox.tar
config.json and runtime.json using the example from above. You can also
generate a spec using runc spec, which will create those files for you.runc start and you should be placed into a shell where you can run ps:nc start
ps
USER COMMAND
ot sh
ot ps
To use runc with systemd, you can create a unit file
/usr/lib/systemd/system/minecraft.service as below (edit your
own Description or WorkingDirectory or service name as you need).
t]
ription=Minecraft Build Server
mentation=http://minecraft.net
r=network.target
vice]
uota=200%
ryLimit=1536M
Start=/usr/local/bin/runc start
art=on-failure
ingDirectory=/containers/minecraftbuild
tall]
edBy=multi-user.target
Make sure you have the bundle's root directory and JSON configs in your WorkingDirectory, then use systemd commands to start the service:
emctl daemon-reload
emctl start minecraft.service
Note that if you use JSON configs by runc spec, you need to modify
config.json and change process.terminal to false so runc won't
create tty, because we can't set terminal from the stdin when using
systemd service.