README
runc
runc is a CLI tool for spawning and running containers according to the OCF specification.
State of the project
Currently runc is an implementation of the OCI specification. We are currently sprinting to have a v1 of the spec out, so the runc config format will be constantly changing until the spec is finalized. However, we encourage you to try out the tool and give feedback.
OCF
How does runc integrate with the Open Container Initiative Specification?
runc depends on the types specified in the specs repository. Whenever the specification is updated and ready to be versioned, runc will update its dependency on the specs repository and support the updated spec.
Building:
At the time of writing, runc only builds on the Linux platform.
# create a 'github.com/opencontainers' in your GOPATH/src
cd github.com/opencontainers
git clone https://github.com/opencontainers/runc
cd runc
make
sudo make install
In order to enable seccomp support you will need to install libseccomp on your platform.
If you do not want to build runc with seccomp support you can add BUILDTAGS="" when running make.
Build Tags
runc supports optional build tags for compiling in support for various features.
Build Tag | Feature | Dependency |
---|---|---|
seccomp | Syscall filtering | libseccomp |
selinux | selinux process and mount labeling | |
apparmor | apparmor profile support | libapparmor |
Testing:
You can run the tests for runc with the command:
# make test
Note that the test cases are run in a Docker container, so you need to install docker first. The tests also require mounting cgroups inside the container, which Docker now does, so you need a docker version newer than 1.8.0-rc2.
You can also run specific test cases by:
# make test TESTFLAGS="-run=SomeTestFunction"
Using:
To run a container with the id "test", execute runc start with the container's id as arg one in the bundle's root directory:
runc start test
/ $ ps
PID USER COMMAND
1 daemon sh
5 daemon sh
/ $
OCI Container JSON Format:
OCI container JSON format is based on OCI specs.
You can generate JSON files by using runc spec.
It assumes that the file-system is found in a directory called rootfs and there is a user with uid and gid of 0 defined within that file-system.
Examples:
Using a Docker image (requires version 1.3 or later)
To test using Docker's busybox image follow these steps:
- Install docker and download the busybox image: docker pull busybox
- Create a container from that image and export its contents to a tar file:
docker export $(docker create busybox) > busybox.tar
- Untar the contents to create your filesystem directory:
mkdir rootfs
tar -C rootfs -xf busybox.tar
- Create config.json by using runc spec.
- Execute runc start and you should be placed into a shell where you can run ps:
$ runc start test
/ # ps
PID USER COMMAND
1 root sh
9 root ps
Using runc with systemd
To use runc with systemd, you can create a unit file /usr/lib/systemd/system/minecraft.service as below (edit your own Description or WorkingDirectory or service name as you need).
[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target
[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/bin/runc start minecraft
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild
[Install]
WantedBy=multi-user.target
Make sure you have the bundle's root directory and JSON configs in your WorkingDirectory, then use systemd commands to start the service:
systemctl daemon-reload
systemctl start minecraft.service
Note that if you use the JSON configs generated by runc spec, you need to modify config.json and change process.terminal to false so runc won't create a tty, because we can't set the terminal from stdin when using a systemd service.
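A pre-flight check for the note above, added here as an example and not part of the runc project: it verifies the bundle layout described in this README and sets process.terminal to false in config.json. The function names and the sample bundle in demo() are assumptions made up for illustration.

```python
import json
import os
import tempfile


def check_bundle(bundle_dir):
    """List problems that would stop `runc start` under systemd in this bundle."""
    problems = []
    if not os.path.isdir(os.path.join(bundle_dir, "rootfs")):
        problems.append("rootfs directory missing")
    try:
        with open(os.path.join(bundle_dir, "config.json")) as fh:
            config = json.load(fh)
    except FileNotFoundError:
        return problems + ["config.json missing"]
    except json.JSONDecodeError as exc:
        return problems + [f"config.json is not valid JSON: {exc}"]
    process = config.get("process")
    if not isinstance(process, dict) or process.get("terminal") is not False:
        problems.append("process.terminal is not false")
    return problems


def disable_terminal(bundle_dir):
    """Set process.terminal to false; return True if config.json was rewritten."""
    path = os.path.join(bundle_dir, "config.json")
    with open(path) as fh:
        config = json.load(fh)
    process = config.setdefault("process", {})
    if process.get("terminal") is False:
        return False
    process["terminal"] = False
    # Write to a temp file in the same directory and rename it into place, so a
    # crash never leaves a half-written config.json; keep the original mode.
    fd, tmp = tempfile.mkstemp(dir=bundle_dir, prefix=".config.json.")
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=4)
    os.chmod(tmp, os.stat(path).st_mode & 0o777)
    os.replace(tmp, path)
    return True


def demo():
    # Constructed sample bundle standing in for `runc spec` output.
    with tempfile.TemporaryDirectory() as bundle:
        os.mkdir(os.path.join(bundle, "rootfs"))
        with open(os.path.join(bundle, "config.json"), "w") as fh:
            json.dump({"process": {"terminal": True, "args": ["sh"]}}, fh)
        before = check_bundle(bundle)
        return before, disable_terminal(bundle), check_bundle(bundle)
```

Run check_bundle against the unit's WorkingDirectory before systemctl start; an empty list means the bundle matches what the unit file expects.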
Directories
Path | Synopsis |
---|---|
Godeps | |
_workspace/src/github.com/codegangsta/cli | Package cli provides a minimal framework for creating and organizing command line Go applications. |
_workspace/src/github.com/coreos/go-systemd/activation | Package activation implements primitives for systemd socket activation. |
_workspace/src/github.com/coreos/go-systemd/dbus | Integration with the systemd D-Bus API. |
_workspace/src/github.com/coreos/go-systemd/util | Package util contains utility functions related to systemd that applications can use to check things like whether systemd is running. |
_workspace/src/github.com/docker/go-units | Package units provides helper function to parse and print size and time units in human-readable format. |
_workspace/src/github.com/godbus/dbus | Package dbus implements bindings to the D-Bus message bus system. |
_workspace/src/github.com/godbus/dbus/introspect | Package introspect provides some utilities for dealing with the DBus introspection format. |
_workspace/src/github.com/godbus/dbus/prop | Package prop provides the Properties struct which can be used to implement org.freedesktop.DBus.Properties. |
_workspace/src/github.com/golang/protobuf/proto | Package proto converts data structures to and from the wire format of protocol buffers. |
_workspace/src/github.com/seccomp/libseccomp-golang | Package seccomp provides bindings for libseccomp, a library wrapping the Linux seccomp syscall. |
_workspace/src/github.com/syndtr/gocapability/capability | Package capability provides utilities for manipulating POSIX capabilities. |
_workspace/src/github.com/vishvananda/netlink | Package netlink provides a simple library for netlink. |
_workspace/src/github.com/vishvananda/netlink/nl | Package nl has low level primitives for making Netlink calls. |
 | Libcontainer provides a native Go implementation for creating containers with namespaces, cgroups, capabilities, and filesystem access controls. |
criurpc | Package criurpc is a generated protocol buffer package. |
integration | integration is used for integration testing of libcontainer |
specconv | Package specconv implements conversion of specifications to libcontainer configurations |