Innovating out in the open

It's almost been a year since the Open Container Initiative (OCI) and its reference OCI-compliant runtime for containers, runC, were announced last June. RunC is now the container execution engine used both by Docker and Cloud Foundry's Garden-Linux project. Phil Estes explains why runC and the OCI community are great places to innovate and develop new features for container execution.

It’s almost been a year since the Open Container Initiative (OCI) and its reference OCI-compliant runtime for containers, runC, were announced last June. RunC is now the container execution engine used both by Docker and Cloud Foundry’s Garden-Linux project. As the OCI community expands, and runC is used as an OCI spec compliant runtime in more container systems, innovation around container features and evolution of its capabilities are increasing all the time. It turns out that runC is a great lightweight container executor that makes for an easy playground for trying out new OS-level features around containers. In the past year, many features from higher-level environments like the Docker ecosystem—including seccomp, user namespaces, PID cgroups, and checkpoint/restore—all appeared in runC or its container library, libcontainer, first. Phil Estes explains how easy it is to utilize runC for testing new container capabilities or trying out different configurations in a much more lightweight model than running a complete container orchestration engine or even a Docker daemon and why runC and the OCI community are great places to innovate and develop new OS-level features for container execution environments. Phil demonstrates some of these capabilities live and compares using runC with an OCI configuration (based on the OCI spec) and running containers with higher-level tools.