Question 1

How do I create and run a container with runc?

Accepted Answer

First, create an OCI bundle by exporting a root filesystem (e.g., from Docker) and generating a config.json with 'runc spec'. Then, use 'runc run' for a one-off execution or lifecycle commands like 'create', 'start', and 'delete' for more control, as outlined in the README's usage section.

Question 2

What's the difference between runc and Docker?

Accepted Answer

runc is a low-level runtime that handles container isolation and execution per OCI specs, while Docker is a higher-level platform that adds image management, networking, and APIs. runc is often used internally by Docker, so Docker is more user-friendly for end-to-end container workflows.

Question 3

Can runc run containers without root privileges?

Accepted Answer

Yes, runc supports rootless containers via user namespaces. You need to enable kernel settings and use the '--rootless' flag with 'runc spec', then run containers as a non-root user, as explained in the rootless containers section of the README.

Question 4

How do I enable seccomp in runc?

Accepted Answer

Seccomp is enabled by default via the 'seccomp' build tag. Ensure libseccomp-dev is installed during building, and the feature will automatically filter syscalls based on the OCI spec, with options to customize in the config.json.

Question 5

runc vs containerd: which one should I use?

Accepted Answer

runc is a minimal runtime for spawning containers, while containerd is a daemon that manages container lifecycle and images, often using runc underneath. Use runc for low-level control or embedding, and containerd for a more feature-rich runtime in orchestration systems like Kubernetes.

Question 6

Is runc suitable for production environments?

Accepted Answer

Yes, but indirectly: runc is production-tested as the core runtime for Docker and Kubernetes, but it's typically integrated via higher-level tools. Direct use requires careful configuration and security hardening, given its minimal nature and reliance on external components like CRIU for advanced features.

runc

What is runc?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions