rtyler
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
runc container cli tools
2,581 Commits 10 Branches 14 Tags 6.1 MiB
Go 87%
Shell 8.8%
C 3%
Protocol Buffer 0.5%
Makefile 0.5%
Other 0.2%
Go to file
Aleksa Sarai 0636bdd45b Merge pull request #874 from crosbymichael/keyring 
Add option to disable new session keys
 		2016-06-12 21:44:45 +10:00
Godeps godeps: bump libseccomp-golang to 32f571b70023028bd57d9288c20efbcb237f3ce0 2016-06-08 20:15:18 +10:00
contrib/completions/bash bash completion step for update command 2016-05-28 13:22:28 +05:30
libcontainer Merge pull request #874 from crosbymichael/keyring 2016-06-12 21:44:45 +10:00
man Update man pages to refect the latest cli change 2016-05-28 13:33:57 +08:00
script Update Dockerfile to 1.6.2 2016-05-31 11:10:47 -07:00
tests/integration bats: Fix spec validation test 2016-06-09 13:16:00 -07:00
.gitignore Update .gitignore for generate man pages 2016-03-04 11:14:12 -08:00
.pullapprove.yml Disallow self-LGTMs 2016-06-01 09:31:21 +08:00
CONTRIBUTING.md Move libcontainer documenation to root of repo 2015-06-26 11:50:46 -07:00
Dockerfile Add a Dockerfile and a dbuild target. This allows you to build runC via Docker without having Golang installed on the host 2015-12-18 11:37:12 +00:00
LICENSE Initial commit of runc binary 2015-06-21 19:34:13 -07:00
MAINTAINERS MAINTAINERS: add Aleksa Sarai to maintainers 2016-03-15 15:09:53 +11:00
MAINTAINERS_GUIDE.md Update maintainers guide 2015-07-21 10:59:56 -07:00
Makefile Merge pull request #827 from crosbymichael/create-start 2016-06-03 10:38:03 -07:00
NOTICE Move libcontainer documenation to root of repo 2015-06-26 11:50:46 -07:00
PRINCIPLES.md Move libcontainer documenation to root of repo 2015-06-26 11:50:46 -07:00
README.md readme: Mention the go 1.6 requirement in the README for building runc 2016-06-09 16:23:43 -07:00
VERSION Update runc version to 1.0.0-rc1 2016-06-03 15:25:47 -07:00
checkpoint.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
create.go Merge pull request #874 from crosbymichael/keyring 2016-06-12 21:44:45 +10:00
delete.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
events.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
exec.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
kill.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
list.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
main.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
main_solaris.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
main_unix.go Add error return to action function signature 2016-06-07 14:42:54 -07:00
main_unsupported.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
pause.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
ps.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
restore.go restore: add the empty-ns option 2016-06-07 20:24:59 +03:00
rlimit_linux.go Fixing rlimit sigpending value 2016-04-03 22:25:41 +05:30
run.go Merge pull request #874 from crosbymichael/keyring 2016-06-12 21:44:45 +10:00
signals.go Destroy container along with processes before stdio 2016-03-15 13:17:11 -07:00
spec.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
start.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
state.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
tty.go *: correctly chown() consoles 2016-05-22 22:37:13 +10:00
update.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
utils.go Replace github.com/codegangsta/cli by github.com/urfave/cli 2016-06-06 11:47:20 -07:00
utils_linux.go Merge pull request #874 from crosbymichael/keyring 2016-06-12 21:44:45 +10:00

README.md

[![Build Status](https://jenkins.dockerproject.org/buildStatus/icon?job=runc Master)](https://jenkins.dockerproject.org/job/runc Master)

runc

runc is a CLI tool for spawning and running containers according to the OCI specification.

State of the project

Currently runc is an implementation of the OCI specification. We are currently sprinting to have a v1 of the spec out. So the runc config format will be constantly changing until the spec is finalized. However, we encourage you to try out the tool and give feedback.

OCI

How does runc integrate with the Open Container Initiative Specification? runc depends on the types specified in the specs repository. Whenever the specification is updated and ready to be versioned runc will update its dependency on the specs repository and support the update spec.

Building:

At the time of writing, runc only builds on the Linux platform and requires go version 1.6 or higher.

# create a 'github.com/opencontainers' in your GOPATH/src
cd github.com/opencontainers
git clone https://github.com/opencontainers/runc
cd runc
make
sudo make install

In order to enable seccomp support you will need to install libseccomp on your platform. If you do not want to build runc with seccomp support you can add BUILDTAGS="" when running make.

Build Tags

runc supports optional build tags for compiling in support for various features.

Build Tag Feature Dependency
seccomp Syscall filtering libseccomp
selinux selinux process and mount labeling
apparmor apparmor profile support libapparmor

Testing:

You can run tests for runC by using command:

# make test

Note that test cases are run in Docker container, so you need to install docker first. And test requires mounting cgroups inside container, it's done by docker now, so you need a docker version newer than 1.8.0-rc2.

You can also run specific test cases by:

# make test TESTFLAGS="-run=SomeTestFunction"

Using:

To run a container with the id "test", execute runc run with the containers id as arg one in the bundle's root directory:

runc run test
/ $ ps
PID   USER     COMMAND
1     daemon   sh
5     daemon   sh
/ $

OCI Container JSON Format:

OCI container JSON format is based on OCI specs. You can generate JSON files by using runc spec. It assumes that the file-system is found in a directory called rootfs and there is a user with uid and gid of 0 defined within that file-system.

Examples:

Using a Docker image (requires version 1.3 or later)

To test using Docker's busybox image follow these steps:

  • Install docker and download the busybox image: docker pull busybox
  • Create a container from that image and export its contents in a directory:
mkdir rootfs
docker export $(docker create busybox) | tar -C rootfs -xvf -
  • Create config.json by using runc spec.
  • Execute runc run and you should be placed into a shell where you can run ps:
$ runc run test
/ # ps
PID   USER     COMMAND
    1 root     sh
    9 root     ps

Using runc with systemd

To use runc with systemd, you can create a unit file /usr/lib/systemd/system/minecraft.service as below (edit your own Description or WorkingDirectory or service name as you need).

[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/sbin/runc run minecraft
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild

[Install]
WantedBy=multi-user.target

Make sure you have the bundle's root directory and JSON configs in your WorkingDirectory, then use systemd commands to start the service:

systemctl daemon-reload
systemctl start minecraft.service

Note that if you use JSON configs by runc spec, you need to modify config.json and change process.terminal to false so runc won't create tty, because we can't set terminal from the stdin when using systemd service.