runc command
runc is a command line client for running applications packaged according to the Open Container Initiative (OCI) format and is a compliant implementation of the Open Container Initiative specification.
Directories ΒΆ
| Path | Synopsis |
|---|---|
| internal | |
| libcontainer | Package libcontainer provides a native Go implementation for creating containers with namespaces, cgroups, capabilities, and filesystem access controls. |
| libcontainer/apparmor | Package apparmor provides a minimal set of helpers to configure the AppArmor profile of the current process, effectively acting as a very stripped-down version of libapparmor. |
| libcontainer/capabilities | Package capabilities provides helpers for managing Linux capabilities. |
| libcontainer/configs | Package configs provides various container-related configuration types used by libcontainer. |
| libcontainer/configs/validate | Package validate provides helpers for validating configuration. |
| libcontainer/devices | Package devices provides some helper functions for constructing device configurations for runc. |
| libcontainer/exeseal | Package exeseal provides mechanisms for sealing /proc/self/exe and thus protecting the runc binary against CVE-2019-5736-style attacks. |
| libcontainer/integration | Package integration is used for integration testing of libcontainer. |
| libcontainer/intelrdt | |
| libcontainer/internal | |
| libcontainer/keys | Package keys provides helpers for Linux keyrings. |
| libcontainer/logs | Package logs provides helpers for logging used within runc (specifically for forwarding logs from "runc init" to the main runc process). |
| libcontainer/nsenter | Package nsenter implements the namespace creation and joining logic of runc. |
| libcontainer/nsenter/test | Package escapetest is part of the escape_json_string unit test. |
| libcontainer/seccomp | Package seccomp provides runc-specific helpers for loading and managing seccomp profiles. |
| libcontainer/seccomp/patchbpf | Package patchbpf provides utilities for patching libseccomp-generated cBPF programs in order to handle unknown syscalls and ENOSYS more gracefully. |
| libcontainer/specconv | Package specconv implements conversion of specifications to libcontainer configurations |
| libcontainer/system | Package system provides wrappers for Linux system operations. |
| libcontainer/system/kernelversion | Package kernelversion provides a method to check whether the running kernel version is at least a minimum kernel version. |
| libcontainer/utils | Package utils provides general helper utilities used in libcontainer. |
| tests | |
| tests/cmd | |
| tests/cmd/fs-idmap | fs-idmap is a command-line tool to detect if a filesystem associated with a given path supports id-mapped mounts. |
| tests/cmd/key_label | key_label is a simple program to print the current session keyring name and its security label, to be run inside container (see selinux.bats). |
| tests/cmd/pidfd-kill | pidfd-kill is a command-line tool to send signals to processes using pidfds passed through a unix socket. |
| tests/cmd/recvtty | recvtty is a sample implementation of the consumer side of the --console-socket interface for runc. |
| tests/cmd/remap-rootfs | remap-rootfs is a command-line tool to remap the ownership of an OCI bundle's rootfs to match the user namespace id-mapping of the bundle's config.json. |
| tests/cmd/sd-helper | sd-helper is a command-line tool to provide some very minimal helpers to communicate with systemd. |
| tests/cmd/seccompagent | |
| types | Package types defines the types used for the cgroup-related events APIs provided by "runc events". |
| types/features | Package features provides the annotations for github.com/opencontainers/runtime-spec/specs-go/features. |
- Version
- v1.5.0-rc.2
- Published
- Apr 3, 2026
- Platform
- linux/amd64
- Imports
- 49 packages
- Last checked
- 3 seconds ago –
Tools for package owners.