Explore the capabilities of runC, a Docker-contributed reference implementation of the Open Container Initiative (OCI) specification, in this 45-minute conference talk. Dive into the world of lightweight container runtimes as Docker engine maintainer Phil Estes demonstrates how to leverage runC for experimenting with low-level container features. Learn about the "riddler" conversion tool for translating Docker container configurations into OCI-compatible bundles. Discover how to create custom configurations to test advanced security features like user namespaces and seccomp profiles. Gain insights into the OCI, Docker's open innovation platform, and the thriving ecosystem surrounding containerization technology. Examine practical examples involving user namespaces, networking, Linux capabilities, and UID mapping to deepen your understanding of container runtime environments.
runC: The Little Engine That Could Run Docker Containers - Black Belt Track
Overview
Syllabus
Intro
Open Container Initiative
Open innovation platform
Black Belt Track
OCI Tools
Riddler
User Name Spaces
Network
Linux capabilities
Set hostname
Netans list
nginx
networking nginx
user nginx
change indexhtml
Network namespaces
localhost
UID mapping
Taught by
Docker
