Search code examples
dockerpodmanrunc

What's the relationship between docker and runc?

I find some info that says dockerd creates containers via runc. However, those containers created by the docker cannot be managed by runc. While the containers created by the podman can be managed by the runc directly.

FYI

Docker:

F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0    1931       1  20   0 807236 90420 -      Ssl  ?          1:13 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
0     0    2139       1  20   0 113116  7432 -      Sl   ?          0:28 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 7f3fa77ddad85e82619b21d6fd9bde8c6
4     0    2163    2139  20   0  10636  6032 -      Ss   ?          0:00  \_ nginx: master process nginx -g daemon off;
5   101    2217    2163  20   0  11032  2560 -      S    ?          0:00      \_ nginx: worker process
0     0    2240       1  20   0 111964  6584 -      Sl   ?          0:28 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 05ebb62bc6557c76f9d4494bbd2262e9f
4     0    2261    2240  20   0  10636  5988 -      Ss   ?          0:00  \_ nginx: master process nginx -g daemon off;
5   101    2319    2261  20   0  11032  2760 -      S    ?          0:00      \_ nginx: worker process

$ docker container ls                                                                                                                 
CONTAINER ID   IMAGE     COMMAND                  CREATED      STATUS      PORTS     NAMES
05ebb62bc655   nginx     "/docker-entrypoint.…"   6 days ago   Up 6 days   80/tcp    nginx2
7f3fa77ddad8   nginx     "/docker-entrypoint.…"   6 days ago   Up 6 days   80/tcp    nginx1
$ runc list                                                                                                                           
ID          PID         STATUS      BUNDLE      CREATED     OWNER

Podman:

F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
1     0  128933       1  20   0 143820  2196 x64_sy Ssl  ?          0:00 /usr/bin/conmon --api-version 1 -c 2d37331cea4eb213189db820840c9d3bf3f9abc4a9d92ca4225
4     0  128942  128933  20   0  10640  5980 -      Ss   ?          0:00  \_ nginx: master process nginx -g daemon off;
5   101  128976  128942  20   0  11036  2564 do_epo S    ?          0:00      \_ nginx: worker process
1     0  129276       1  20   0 143820  2324 x64_sy Ssl  ?          0:00 /usr/bin/conmon --api-version 1 -c 2bf3a1f5fdd479cf1402984322f9d09a2b22149d6f01d776049
4     0  129285  129276  20   0  10640  5940 -      Ss   ?          0:00  \_ nginx: master process nginx -g daemon off;
5   101  129320  129285  20   0  11036  2632 do_epo S    ?          0:00      \_ nginx: worker process

❯ podman container ls
CONTAINER ID  IMAGE                           COMMAND               CREATED     STATUS         PORTS   NAMES
2bf3a1f5fdd4  docker.io/library/nginx:latest  nginx -g daemon o...  6 days ago  Up 6 days ago          nginx1
2d37331cea4e  docker.io/library/nginx:latest  nginx -g daemon o...  6 days ago  Up 6 days ago          nginx2
❯ runc list
ID                                                                 PID         STATUS      BUNDLE                                                                                                                     CREATED                          OWNER
2bf3a1f5fdd479cf1402984322f9d09a2b22149d6f01d7760493e482253ed2c3   129285      running     /var/lib/containers/storage/overlay-containers/2bf3a1f5fdd479cf1402984322f9d09a2b22149d6f01d7760493e482253ed2c3/userdata   2021-03-17T08:04:13.948219157Z   root
2d37331cea4eb213189db820840c9d3bf3f9abc4a9d92ca42253520cbe2b6710   128942      running     /var/lib/containers/storage/overlay-containers/2d37331cea4eb213189db820840c9d3bf3f9abc4a9d92ca42253520cbe2b6710/userdata   2021-03-17T08:03:40.961730347Z   root
Solution

  • Docker starts containers in /run/docker/runtime-runc/moby/ and /run/docker/runtime-runc/plugins.moby/. You can see them with runc by using --root option:

    ~# runc --root /run/docker/runtime-runc/moby/ list
ID                                                                 PID         STATUS      BUNDLE                                                                                                                CREATED                          OWNER
4a81e5e9babc18e2bd7eaf560a9d0ab1bff7fb9145acacd9445d313f2b40f3ef   4159        running     /run/containerd/io.containerd.runtime.v2.task/moby/4a81e5e9babc18e2bd7eaf560a9d0ab1bff7fb9145acacd9445d313f2b40f3ef   2021-05-14T06:26:25.894963575Z   root
9e88f71c7f4814d87252b2defcb22aa5c851511d8ed27dd1b4d260a116358090   5072        running     /run/containerd/io.containerd.runtime.v2.task/moby/9e88f71c7f4814d87252b2defcb22aa5c851511d8ed27dd1b4d260a116358090   2021-05-14T06:26:34.330942248Z   root
aba4e2c0534a0d79bafa19a81aa412eb61848451ebfa1122af58197d3c8a8f39   4169        running     /run/containerd/io.containerd.runtime.v2.task/moby/aba4e2c0534a0d79bafa19a81aa412eb61848451ebfa1122af58197d3c8a8f39   2021-05-14T06:26:26.09091234Z    root
bc9377f463e7dc47bd58d80a62b0ba4da6fc86869f40d41dc181b7c9f057b2f5   4199        running     /run/containerd/io.containerd.runtime.v2.task/moby/bc9377f463e7dc47bd58d80a62b0ba4da6fc86869f40d41dc181b7c9f057b2f5   2021-05-14T06:26:26.090912342Z   root
e554c565e3c270d4630f91ec8ab5e97379720ab950f1c9f285e31b95929e46dc   5071        running     /run/containerd/io.containerd.runtime.v2.task/moby/e554c565e3c270d4630f91ec8ab5e97379720ab950f1c9f285e31b95929e46dc   2021-05-14T06:26:34.299062098Z   root
ef49f937f358db1debec1037796972f00a6a030c15f2b471053b81d01f1b6bb5   4952        running     /run/containerd/io.containerd.runtime.v2.task/moby/ef49f937f358db1debec1037796972f00a6a030c15f2b471053b81d01f1b6bb5   2021-05-14T06:26:33.927094868Z   root

    As for the relationship, it has been answered here.