Alexander Morozov 98e6e70cf3 Merge pull request #214 from rajasec/restorefix
Restore container cleanup
2015-08-28 10:49:09 -07:00

README.md

runc

runc is a CLI tool for spawning and running containers according to the OCF specification.

State of the project

Currently runc is an implementation of the OCF specification. We are currently sprinting to have a v1 of the spec out within a quick timeframe of a few weeks, ~July 2015, so the runc config format will be constantly changing until the spec is finalized. However, we encourage you to try out the tool and give feedback.

OCF

How does runc integrate with the Open Container Format? runc depends on the types specified in the specs repository. Whenever the specification is updated and ready to be versioned, runc will update its dependency on the specs repository and support the updated spec.

Building:

# create a 'github.com/opencontainers' directory in your GOPATH/src
cd github.com/opencontainers
git clone https://github.com/opencontainers/runc
cd runc
make
sudo make install

Using:

To run a container, execute runc start in the bundle's root directory:

runc start
/ $ ps
PID   USER     COMMAND
1     daemon   sh
5     daemon   sh
/ $

Or you can specify the path to a JSON configuration file:

runc start config.json
/ $ ps
PID   USER     COMMAND
1     daemon   sh
5     daemon   sh
/ $

Note: the use of the start command is required when specifying a configuration file.

OCF Container JSON Format:

Below is a sample config.json configuration file. It assumes that the file-system is found in a directory called rootfs and there is a user with uid and gid of 0 defined within that file-system.

{
    "version": "pre-draft",
    "platform": {
        "os": "linux",
        "arch": "amd64"
    },
    "process": {
        "terminal": true,
        "user": {
            "uid": 0,
            "gid": 0,
            "additionalGids": null
        },
        "args": [
            "sh"
        ],
        "env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "TERM=xterm"
        ],
        "cwd": ""
    },
    "root": {
        "path": "rootfs",
        "readonly": true
    },
    "hostname": "shell",
    "mounts": [
        {
            "type": "proc",
            "source": "proc",
            "destination": "/proc",
            "options": ""
        },
        {
            "type": "tmpfs",
            "source": "tmpfs",
            "destination": "/dev",
            "options": "nosuid,strictatime,mode=755,size=65536k"
        },
        {
            "type": "devpts",
            "source": "devpts",
            "destination": "/dev/pts",
            "options": "nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5"
        },
        {
            "type": "tmpfs",
            "source": "shm",
            "destination": "/dev/shm",
            "options": "nosuid,noexec,nodev,mode=1777,size=65536k"
        },
        {
            "type": "mqueue",
            "source": "mqueue",
            "destination": "/dev/mqueue",
            "options": "nosuid,noexec,nodev"
        },
        {
            "type": "sysfs",
            "source": "sysfs",
            "destination": "/sys",
            "options": "nosuid,noexec,nodev"
        },
        {
            "type": "cgroup",
            "source": "cgroup",
            "destination": "/sys/fs/cgroup",
            "options": "nosuid,noexec,nodev,relatime,ro"
        }
    ],
    "linux": {
        "uidMapping": null,
        "gidMapping": null,
        "rlimits": [
           {
                "type": 7,
                "hard": 1024,
                "soft": 1024
           }
        ],
        "systemProperties": null,
        "resources": {
            "disableOOMKiller": false,
            "memory": {
                "limit": 0,
                "reservation": 0,
                "swap": 0,
                "kernel": 0,
                "swappiness": -1
            },
            "cpu": {
                "shares": 0,
                "quota": 0,
                "period": 0,
                "realtimeRuntime": 0,
                "realtimePeriod": 0,
                "cpus": "",
                "mems": ""
            },
            "blockIO": {
                "blkioWeight": 0,
                "blkioWeightDevice": "",
                "blkioThrottleReadBpsDevice": "",
                "blkioThrottleWriteBpsDevice": "",
                "blkioThrottleReadIopsDevice": "",
                "blkioThrottleWriteIopsDevice": ""
            },
            "hugepageLimits": null,
            "network": {
                "classId": "",
                "priorities": null
            }
        },
        "namespaces": [
            {
                "type": "pid",
                "path": ""
            },
            {
                "type": "network",
                "path": ""
            },
            {
                "type": "ipc",
                "path": ""
            },
            {
                "type": "uts",
                "path": ""
            },
            {
                "type": "mount",
                "path": ""
            }
        ],
        "capabilities": [
            "AUDIT_WRITE",
            "KILL",
            "NET_BIND_SERVICE"
        ],
        "devices": [
                {
                        "type": 99,
                        "path": "/dev/null",
                        "major": 1,
                        "minor": 3,
                        "permissions": "rwm",
                        "fileMode": 438,
                        "uid": 0,
                        "gid": 0
                },
                {
                        "type": 99,
                        "path": "/dev/random",
                        "major": 1,
                        "minor": 8,
                        "permissions": "rwm",
                        "fileMode": 438,
                        "uid": 0,
                        "gid": 0
                },
                {
                        "type": 99,
                        "path": "/dev/full",
                        "major": 1,
                        "minor": 7,
                        "permissions": "rwm",
                        "fileMode": 438,
                        "uid": 0,
                        "gid": 0
                },
                {
                        "type": 99,
                        "path": "/dev/tty",
                        "major": 5,
                        "minor": 0,
                        "permissions": "rwm",
                        "fileMode": 438,
                        "uid": 0,
                        "gid": 0
                },
                {
                        "type": 99,
                        "path": "/dev/zero",
                        "major": 1,
                        "minor": 5,
                        "permissions": "rwm",
                        "fileMode": 438,
                        "uid": 0,
                        "gid": 0
                },
                {
                        "type": 99,
                        "path": "/dev/urandom",
                        "major": 1,
                        "minor": 9,
                        "permissions": "rwm",
                        "fileMode": 438,
                        "uid": 0,
                        "gid": 0
                }
        ]
    }
}
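
The sample above fixes several isolation settings at once: a read-only root, a three-entry capability list and five namespaces. The following check is an added example, not part of runc or of the original README; it reads a config.json in this pre-draft layout and reports where it is looser than the sample. The baseline policy, the function name audit and the WEAK input are assumptions made for illustration.

```python
import json

# Assumed policy (not from runc): the sample's capability set and namespace
# list are the baseline; anything beyond or missing is reported.
BASE_CAPS = {"AUDIT_WRITE", "KILL", "NET_BIND_SERVICE"}
WANT_NS = ("pid", "network", "ipc", "uts", "mount")


def audit(text):
    """Return a list of findings for a pre-draft config.json given as a string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"config does not parse: {exc.msg} at line {exc.lineno}"]
    findings = []
    linux = cfg.get("linux") or {}
    if not (cfg.get("root") or {}).get("readonly"):
        findings.append("root filesystem is writable")
    user = (cfg.get("process") or {}).get("user") or {}
    if user.get("uid", 0) == 0 and not linux.get("uidMapping"):
        findings.append("process runs as uid 0 and no uidMapping is set")
    for cap in linux.get("capabilities") or []:
        if cap not in BASE_CAPS:
            findings.append(f"capability outside baseline: {cap}")
    namespaces = {n.get("type"): n.get("path") for n in linux.get("namespaces") or []}
    for ns in WANT_NS:
        if ns not in namespaces:
            findings.append(f"no {ns} namespace: host {ns} namespace is shared")
        elif namespaces[ns]:
            findings.append(f"{ns} namespace joins existing {namespaces[ns]}")
    return findings


# Constructed input: the sample trimmed to the audited fields, with a writable
# root, SYS_ADMIN added and the pid namespace removed.
WEAK = """{
  "process": {"user": {"uid": 0, "gid": 0}},
  "root": {"path": "rootfs", "readonly": false},
  "linux": {
    "uidMapping": null,
    "namespaces": [{"type": "network", "path": ""}, {"type": "ipc", "path": ""},
                   {"type": "uts", "path": ""}, {"type": "mount", "path": ""}],
    "capabilities": ["KILL", "SYS_ADMIN"]
  }
}"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

A file that is not strict JSON, for example one with a trailing comma, comes back as a single "config does not parse" finding rather than an exception.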

Examples:

Using a Docker image (requires version 1.3 or later)

To test using Docker's busybox image follow these steps:

  • Install docker and download the busybox image: docker pull busybox
  • Create a container from that image and export its contents to a tar file: docker export $(docker create busybox) > busybox.tar
  • Untar the contents to create your filesystem directory:
    mkdir rootfs
    tar -C rootfs -xf busybox.tar
  • Create a file called config.json using the example from above. You can also generate a spec using runc spec, redirecting the output into config.json
  • Execute runc start and you should be placed into a shell where you can run ps:
    $ runc start
    / # ps
    PID   USER     COMMAND
        1 root     sh
        9 root     ps

Using runc with systemd

[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/bin/runc
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild

[Install]
WantedBy=multi-user.target