runC: The Little Engine That Could Run Docker Containers - Black Belt Track

Explore the capabilities of runC, a Docker-contributed reference implementation of the Open Container Initiative (OCI) specification, in this 45-minute conference talk. Dive into the world of lightweight container runtimes as Docker engine maintainer Phil Estes demonstrates how to leverage runC for experimenting with low-level container features. Learn about the "riddler" conversion tool for translating Docker container configurations into OCI-compatible bundles. Discover how to create custom configurations to test advanced security features like user namespaces and seccomp profiles. Gain insights into the OCI, Docker's open innovation platform, and the thriving ecosystem surrounding containerization technology. Examine practical examples involving user namespaces, networking, Linux capabilities, and UID mapping to deepen your understanding of container runtime environments.