[an-oh-cheer] Another OCI Runtime.
An experimental Linux container runtime, implementing the OCI Runtime Spec.
The process of building this is being documented in a series of blog posts which you can read here: Building a container runtime from scratch in Go.
Note
This is a personal project to explore how container runtimes work. It's not production-ready. If you're looking for a production-ready alternative to runc, I think youki is pretty cool.
- Pass all tests in the opencontainers OCI Runtime Spec test suite.
- Pass all tests in the Kubernetes CRI validation test suite.
- Implement optional Seccomp.
- Implement optional AppArmor.
- Download the tarball for your architecture from Releases.
- Extract the
anocirbinary from the tarball into somewhere in$PATH, e.g.~/.local/bin. - View docs by running
anocir --helporanocir COMMAND --help.
Caution
Some features may require sudo and make changes to your system. Take appropriate precautions.
By default, the Docker daemon uses the runc container runtime. anocir can be used as a drop-in replacement for runc.
You can find detailed instructions on how to configure alternative runtimes in the Docker docs. If you just want to quickly experiment, the following should suffice:
# 1. Stop any running Docker service
sudo systemctl stop docker.service
# 2. Start the Docker Daemon with added anocir runtime
sudo dockerd --add-runtime anocir=PATH_TO_ANOCIR_BINARY
# 3. Run a container using the anocir runtime
docker run -it --runtime anocir busybox sh
The anocir CLI implements the OCI Runtime Command Line Interface spec. You can view the docs by running anocir --help or anocir [COMMAND] --help.
Feel free to leave any comments/suggestions/feedback in issues.
Prerequisite: Compiler for Go installed (instructions).
git clone [email protected]:nixpig/anocir.gitcd anocirmake buildmv tmp/bin/anocir ~/.local/bin
I'm developing anocir on the following environment. Even with the same set up, YMMV.
Linux vagrant 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linuxgo version go1.24.5 linux/amd64Docker version 27.3.1, build ce12230
You can spin up this VM from the included Vagrantfile, just run vagrant up.
See OCI.md for details of tests.
vagrant up --provisionvagrant sshcd /anocirmake buildcd /anocir/test/runtime-toolsmake runtimetest validation-executablessudo RUNTIME=../../tmp/bin/anocir ../scripts/oci-integration.sh
While this project was built entirely from scratch, inspiration was taken from existing runtimes, in no particular order: