A minimal, educational container runtime built from scratch to explore how Linux containers work under the hood.
This runtime demonstrates core container concepts by implementing key Linux primitives from scratch. It's inspired by the OCI runtime specification and tools like runc, with a focus on clarity and educational value over feature completeness.
- ✅ Basic OCI Commands: create, start, run
- ✅ Linux Namespaces: UTS, PID, Mount, IPC, Network, User, Cgroup, Time
- ✅ Rootfs Management: Pivot root, bind mounts, readonly root support
- ✅ Process Execution: Execute container processes with proper isolation
- ✅ Cgroups v2: Full integration with Linux cgroup v2
- ✅ CPU Limits: CPU quota, period, shares, and cpuset configuration
- ✅ Memory Limits: Memory limit, swap limit, and soft limits (reservation)
- ✅ PID Limits: Maximum process limits
- ✅ Block I/O: I/O weight configuration
- ✅ Bind Mounts: Support for bind mounting host directories/files
- ✅ Virtual Filesystems: Mount proc, sysfs, tmpfs, devpts, and other filesystem types
- ✅ Mount Propagation: Shared, slave, private, and unbindable propagation modes
- ✅ Secure Path Resolution: Safe path handling using filepath-securejoin
- ✅ TTY Support: Pseudo-terminal (PTY) support for interactive containers
- ✅ Console Socket: OCI-compatible console socket for terminal attachment
- ✅ Detached Mode: Run containers in background with proper I/O handling
- ✅ State Management: Container state tracking and persistence
- ✅ Process Communication: Parent-child process synchronization via Unix sockets
- ✅ Cleanup: Proper resource cleanup on container termination
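The cgroup v2 items above (CPU quota/period/shares/cpuset, memory limit/swap/reservation, PID limit, I/O weight) all come down to translating an OCI `linux.resources` block into writes to a handful of files in the container's cgroup directory. The following is an added example, not code from this runtime: it assumes a `Resources` struct of my own shape, a cgroup directory already created under the unified hierarchy (any directory works for a dry run), and the linear shares-to-weight mapping that runc documents for v1-to-v2 translation. The `IOWeight` field is taken as a v2 weight (1..10000) rather than a v1 blkio weight.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strconv"
)

// Resources is the subset of an OCI linux.resources block named in the feature
// list. A zero value means "not set" and leaves the kernel default untouched.
// (Hypothetical struct for this example, not the runtime's own type.)
type Resources struct {
	CPUQuota          int64  // microseconds of CPU per period; -1 = unlimited
	CPUPeriod         uint64 // microseconds; 0 = keep the kernel default of 100000
	CPUShares         uint64 // cgroup v1 shares (2..262144), translated to cpu.weight
	Cpus              string // cpuset list such as "0-1,3"
	Memory            int64  // bytes; -1 = unlimited
	MemorySwap        int64  // bytes with v1 semantics (memory + swap); -1 = unlimited
	MemoryReservation int64  // bytes; written as memory.low (soft limit)
	PidsLimit         int64  // -1 = unlimited
	IOWeight          uint16 // cgroup v2 io.weight, 1..10000
}

// write replaces the contents of one cgroup control file.
func write(dir, file, value string) error {
	return os.WriteFile(filepath.Join(dir, file), []byte(value+"\n"), 0o644)
}

// limitString renders a byte/count limit the way v2 files expect it.
func limitString(v int64) string {
	if v < 0 {
		return "max"
	}
	return strconv.FormatInt(v, 10)
}

// SharesToWeight maps v1 cpu.shares onto v2 cpu.weight with the linear
// formula runc documents: 2 -> 1, 1024 -> 39, 262144 -> 10000.
func SharesToWeight(shares uint64) uint64 {
	if shares < 2 {
		shares = 2
	}
	if shares > 262144 {
		shares = 262144
	}
	return 1 + ((shares-2)*9999)/262142
}

// SwapLimit converts a v1-style memory+swap limit into v2's memory.swap.max,
// which counts swap alone. It refuses combinations that cannot be expressed.
func SwapLimit(memory, memorySwap int64) (string, error) {
	switch {
	case memorySwap < 0:
		return "max", nil
	case memory <= 0:
		return "", errors.New("swap limit requires a finite memory limit")
	case memorySwap < memory:
		return "", errors.New("memory+swap limit is smaller than memory limit")
	}
	return strconv.FormatInt(memorySwap-memory, 10), nil
}

// ApplyResources writes every set field of r into the cgroup at cgroupDir.
func ApplyResources(cgroupDir string, r Resources) error {
	if r.CPUQuota != 0 || r.CPUPeriod != 0 {
		period := r.CPUPeriod
		if period == 0 {
			period = 100000
		}
		quota := "max"
		if r.CPUQuota > 0 {
			quota = strconv.FormatInt(r.CPUQuota, 10)
		}
		if err := write(cgroupDir, "cpu.max", quota+" "+strconv.FormatUint(period, 10)); err != nil {
			return err
		}
	}
	if r.CPUShares != 0 {
		if err := write(cgroupDir, "cpu.weight", strconv.FormatUint(SharesToWeight(r.CPUShares), 10)); err != nil {
			return err
		}
	}
	if r.Cpus != "" {
		if err := write(cgroupDir, "cpuset.cpus", r.Cpus); err != nil {
			return err
		}
	}
	if r.Memory != 0 {
		if err := write(cgroupDir, "memory.max", limitString(r.Memory)); err != nil {
			return err
		}
	}
	if r.MemorySwap != 0 {
		swap, err := SwapLimit(r.Memory, r.MemorySwap)
		if err != nil {
			return err
		}
		if err := write(cgroupDir, "memory.swap.max", swap); err != nil {
			return err
		}
	}
	if r.MemoryReservation > 0 {
		if err := write(cgroupDir, "memory.low", strconv.FormatInt(r.MemoryReservation, 10)); err != nil {
			return err
		}
	}
	if r.PidsLimit != 0 {
		if err := write(cgroupDir, "pids.max", limitString(r.PidsLimit)); err != nil {
			return err
		}
	}
	if r.IOWeight != 0 {
		if err := write(cgroupDir, "io.weight", "default "+strconv.FormatUint(uint64(r.IOWeight), 10)); err != nil {
			return err
		}
	}
	return nil
}

// AddProcess moves pid into the cgroup; the limits above then apply to it.
func AddProcess(cgroupDir string, pid int) error {
	return write(cgroupDir, "cgroup.procs", strconv.Itoa(pid))
}

func main() {
	// Dry run against a temporary directory standing in for a cgroup.
	dir, err := os.MkdirTemp("", "cg-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	r := Resources{CPUQuota: 50000, CPUShares: 1024, Memory: 256 << 20, MemorySwap: 512 << 20, PidsLimit: 100}
	if err := ApplyResources(dir, r); err != nil {
		panic(err)
	}
	for _, f := range []string{"cpu.max", "cpu.weight", "memory.max", "memory.swap.max", "pids.max"} {
		b, _ := os.ReadFile(filepath.Join(dir, f))
		fmt.Printf("%-16s %s", f, b)
	}
}
```

On a real system `cgroupDir` is a directory such as `/sys/fs/cgroup/<container-id>` whose parent has the `cpu`, `memory`, `pids`, `io` and `cpuset` controllers enabled in `cgroup.subtree_control`; writes fail with EINVAL or ENOENT otherwise, so errors from `ApplyResources` should be treated as a create failure rather than ignored.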
Many features are currently only partially implemented and have not yet been tested.
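The "Secure Path Resolution" item is the one with the clearest security consequence: a mount destination or rootfs-relative path taken from the container config must never resolve to a host path outside the rootfs, whether through `..` components or through a symlink that already exists inside the rootfs and points somewhere absolute. The function below is an added, stdlib-only illustration of what filepath-securejoin does for the runtime; it is not the library's code and not this project's, and the sample rootfs in `main` is constructed for the demonstration. Each component is checked with `Lstat`, `..` can never climb above the root, and symlink targets are re-read relative to the container root rather than the host.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrTooManyLinks mirrors the kernel's ELOOP: the walk gave up on a symlink chain.
var ErrTooManyLinks = errors.New("too many symbolic links while resolving path")

const maxSymlinks = 255

// SecureJoin resolves unsafePath as though root were "/" and returns a host
// path that stays inside root. Simplified stand-in for filepath-securejoin's
// SecureJoin (hypothetical, not the library's implementation).
func SecureJoin(root, unsafePath string) (string, error) {
	root = filepath.Clean(root)
	remaining := filepath.Clean("/" + unsafePath) // treat the input as absolute inside root
	resolved := "/"                               // virtual path inside root, built per component
	links := 0

	for remaining != "" {
		// Pop the next component off remaining.
		rest := strings.TrimPrefix(remaining, "/")
		var comp string
		if i := strings.IndexByte(rest, '/'); i >= 0 {
			comp, remaining = rest[:i], rest[i:]
		} else {
			comp, remaining = rest, ""
		}

		switch comp {
		case "", ".":
			continue
		case "..":
			resolved = filepath.Dir(resolved) // Dir("/") == "/", so this cannot leave root
			continue
		}

		candidate := filepath.Join(resolved, comp)
		hostPath := filepath.Join(root, candidate)
		fi, err := os.Lstat(hostPath)
		if errors.Is(err, os.ErrNotExist) {
			// Trailing components may not exist yet (e.g. a mount destination the
			// runtime will create); nothing below a missing path can be a symlink.
			resolved = candidate
			continue
		}
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSymlink == 0 {
			resolved = candidate
			continue
		}

		links++
		if links > maxSymlinks {
			return "", ErrTooManyLinks
		}
		target, err := os.Readlink(hostPath)
		if err != nil {
			return "", err
		}
		if filepath.IsAbs(target) {
			// An absolute target is re-rooted at the container root, not the host's "/".
			resolved = "/"
			remaining = filepath.Clean(target) + remaining
		} else {
			// A relative target is re-read from the link's own directory.
			remaining = "/" + filepath.Clean(target) + remaining
		}
	}
	return filepath.Join(root, resolved), nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	// Constructed sample rootfs: /etc/passwd plus a symlink whose target is the
	// absolute path "/etc", the shape a container-supplied path must not be
	// allowed to turn into a host path.
	root, err := os.MkdirTemp("", "rootfs-")
	must(err)
	defer os.RemoveAll(root)
	must(os.MkdirAll(filepath.Join(root, "etc"), 0o755))
	must(os.WriteFile(filepath.Join(root, "etc", "passwd"), []byte("root:x:0:0\n"), 0o644))
	must(os.Symlink("/etc", filepath.Join(root, "link")))
	for _, p := range []string{"../../etc/passwd", "link/passwd", "etc/passwd"} {
		out, err := SecureJoin(root, p)
		fmt.Printf("%-20s -> %s (err=%v)\n", p, out, err)
	}
}
```

Two caveats worth carrying into a real runtime: a purely lexical join (`filepath.Join` plus a prefix check) is not enough, because it never sees the symlinks inside the rootfs that this walk expands; and even this walk has a check-then-use window between `Lstat` and the later mount or open, which is why the library's newer APIs and runc lean on `openat2`-style, kernel-side resolution where available.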