runc
Definition
runc is a lightweight, portable container runtime that implements the Open Container Initiative (OCI) runtime specification for running containers. It is a command-line tool that provides the basic functionality required to create and run containers from OCI bundle directories (a root filesystem plus a config.json). As a low-level component, runc is typically driven by higher-level container engines and orchestration systems such as Docker and Kubernetes, which use it to manage container lifecycles.
Secure Settings Example
{
  "ociVersion": "1.0.2",
  "process": {
    "noNewPrivileges": true,
    "capabilities": {
      "bounding": [
        "CAP_CHOWN",
        "CAP_DAC_OVERRIDE",
        "CAP_FOWNER",
        "CAP_SETGID",
        "CAP_SETUID",
        "CAP_NET_BIND_SERVICE"
      ]
    }
  },
  "linux": {
    "seccomp": {
      "defaultAction": "SCMP_ACT_ERRNO",
      "architectures": [
        "SCMP_ARCH_X86_64"
      ],
      "syscalls": [
        {
          "names": ["execve"],
          "action": "SCMP_ACT_ALLOW"
        }
      ]
    }
  }
}
Insecure Settings Example
{
  "ociVersion": "1.0.2",
  "process": {
    "noNewPrivileges": false,
    "capabilities": {
      "bounding": [
        "CAP_SYS_ADMIN",
        "CAP_NET_ADMIN"
      ]
    }
  },
  "linux": {
    "seccomp": {
      "defaultAction": "SCMP_ACT_ALLOW"
    }
  }
}
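As an added example (not part of this entry or of runc itself), the following Python audit checks a config.json for the three weaknesses contrasted above: noNewPrivileges left off, over-broad capabilities, and a seccomp profile that allows by default. The set of capabilities it flags and the list of denying seccomp actions are assumptions to adapt to local policy; the two embedded sample configs are constructed to mirror the examples above.

```python
import json

# Capabilities treated as too powerful for a hardened bundle. Assumed list:
# the two from the insecure example plus a few that also amount to root on
# the host; adjust to local policy.
DANGEROUS_CAPS = {"CAP_SYS_ADMIN", "CAP_NET_ADMIN", "CAP_SYS_PTRACE",
                  "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_DAC_READ_SEARCH"}
# All capability sets an OCI process may declare; bounding alone is not enough.
CAP_SETS = ("bounding", "effective", "permitted", "inheritable", "ambient")
# seccomp default actions that deny a syscall not matched by any rule.
DENY_ACTIONS = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS",
                "SCMP_ACT_KILL_THREAD", "SCMP_ACT_TRAP"}


def audit_config(config):
    """Return a list of findings for a parsed OCI runtime config.json."""
    findings = []
    process = config.get("process", {})
    if process.get("noNewPrivileges") is not True:
        findings.append("process.noNewPrivileges is not true: setuid or "
                        "file-capability binaries could regain privileges")
    caps = process.get("capabilities", {})
    for cap_set in CAP_SETS:
        for cap in sorted(DANGEROUS_CAPS.intersection(caps.get(cap_set, []))):
            findings.append(f"process.capabilities.{cap_set} grants {cap}")
    seccomp = config.get("linux", {}).get("seccomp")
    if seccomp is None:
        findings.append("linux.seccomp is absent: no syscall filter applied")
    elif seccomp.get("defaultAction") not in DENY_ACTIONS:
        findings.append(f"linux.seccomp.defaultAction is "
                        f"{seccomp.get('defaultAction')}: allow-by-default")
    return findings


def audit_file(path):
    """Load a bundle's config.json from disk and audit it."""
    with open(path) as fh:
        return audit_config(json.load(fh))


# Constructed samples mirroring the secure and insecure examples above.
SECURE = json.loads('{"ociVersion":"1.0.2","process":{"noNewPrivileges":true,'
                    '"capabilities":{"bounding":["CAP_CHOWN","CAP_SETUID"]}},'
                    '"linux":{"seccomp":{"defaultAction":"SCMP_ACT_ERRNO",'
                    '"syscalls":[{"names":["execve"],"action":"SCMP_ACT_ALLOW"}]}}}')
INSECURE = json.loads('{"ociVersion":"1.0.2","process":{"noNewPrivileges":false,'
                      '"capabilities":{"bounding":["CAP_SYS_ADMIN","CAP_NET_ADMIN"]}},'
                      '"linux":{"seccomp":{"defaultAction":"SCMP_ACT_ALLOW"}}}')

if __name__ == "__main__":
    for name, cfg in (("secure", SECURE), ("insecure", INSECURE)):
        print(name, audit_config(cfg) or ["no findings"])
```

Run it against a real bundle with audit_file("/path/to/bundle/config.json"); an empty list means none of the three checks fired, not that the bundle is safe in every other respect.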