[an-oh-cheer] Another OCI Runtime.
An experimental Linux container runtime, implementing the OCI Runtime Spec.
The process of building this is being documented in a series of blog posts which you can read here: Building a container runtime from scratch in Go.
Note
This is a personal project for me to explore how container runtimes work. It's not production-ready (and probably never will be).
If you're looking for a production-ready alternative to runc, I think youki is pretty cool.
- Pass all tests in the opencontainers OCI Runtime Spec test suite.
- Pass all tests in the Kubernetes CRI valiidation test suite.
- Implement optional Seccomp.
- Implement optional AppArmor.
- Download the tarball for your architecture from Releases.
- Extract the
anocirbinary from the tarball into somewhere in$PATH, e.g.~/.local/bin. - View docs by running
anocir --helporanocir COMMAND --help.
Caution
Some features may require sudo and make changes to your system.
Given this is an experimental project, take appropriate precautions.
By default, the Docker daemon uses the runc container runtime. anocir can be used as a drop-in replacement for runc.
You can find detailed instructions on how to configure alternative runtimes in the Docker docs. If you just want to quickly experiment, the following should suffice:
# 1. Stop any running Docker service
sudo systemctl stop docker.service
# 2. Start the Docker Daemon with added anocir runtime
sudo dockerd --add-runtime anocir=PATH_TO_ANOCIR_BINARY
# 3. Run a container using the anocir runtime
docker run -it --runtime anocir busybox sh
The anocir CLI implements the OCI Runtime Command Line Interface spec. You can view the docs by running anocir --help or anocir [COMMAND] --help.
Feel free to leave any comments/suggestions/feedback in issues.
Prerequisite: Compiler for Go installed (instructions).
git clone [email protected]:nixpig/anocir.gitcd anocirmake buildmv tmp/bin/anocir ~/.local/bin
I'm developing anocir on the following environment. Even with the same set up, YMMV.
Linux vagrant 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linuxgo version go1.24.5 linux/amd64Docker version 27.3.1, build ce12230
You can spin up this VM from the included Vagrantfile, just run vagrant up.
See OCI.md for details of tests.
vagrant up --provisionvagrant sshcd /anocirmake buildcd /anocir/test/runtime-toolsmake runtimetest validation-executablessudo RUNTIME=../../tmp/bin/anocir ../scripts/oci-integration.sh
While this project was built entirely from scratch, inspiration was taken from existing runtimes, in no particular order: