This release fixes checkpoint/restore behavior with mounted cgroups.
Also it includes various minor features and bugfixes. Full list of changes:

* Add signal API to Container interface
* Update to 5b31bb2b7771e5074a4eb14eca432da1ca5182d6
* Don't set /proc/<PID>/setgroups to deny in Go1.5
* Add debug message when unable to execute criu
* Remove reference to nsinit
* Replace dind with smaller script
* integration: show criu logs in a error case
* tests: dump/restore a container with cgroups
* Simplify and fix os.MkdirAll() usage
* Change default state directory to /run/oci
* Add TESTFLAGS to Makefile targets
* Update to correct comment about spec and user
* Only add network info if NEWNET is set
* Fix files not closed in mountinfo parsing function
* signal: Fix leak
* test: propagate the error to the caller
* Swap check for systemd booted to use go-systemd method
* Vendor
* Use /proc/self/exe as default for InitPath
* Adapt code to go-systemd/dbus v3
* Update to v3
* typo: tempory -> temporary
* bring the loopback interface up
* systemd integration with container runtime for supporting sd_notify protocol
* Remount /sys/fs/cgroup as RO if MS_RDONLY was passed in m.Flags
* Update maintainers guide
* Create symlinks for merged cgroups
* ct: give criu informations about cgroup mounts
* Fix subsystem path with abs parent
* avoid infinite loop with GCCGO
Merge pull request #175 from crosbymichael/container-signal

Add signal API to Container interface
tree: 621829ffa5d16743f66b8759c00cb35d6d6f85f4
  1. Godeps/
  2. libcontainer/
  3. script/
  4. .gitignore
  5. checkpoint.go
  7. events.go
  9. main.go
  10. main_unix.go
  11. main_unsupported.go
  14. Makefile
  15. NOTICE
  18. restore.go
  19. run.go
  20. signals.go
  21. spec.go
  22. tty.go
  23. utils.go


runc is a CLI tool for spawning and running containers according to the OCF specification.

State of the project

Currently runc is an implementation of the OCF specification. We are currently sprinting to have a v1 of the spec out within a quick timeframe of a few weeks, ~July 2015, so the runc config format will be constantly changing until the spec is finalized. However, we encourage you to try out the tool and give feedback.


How does runc integrate with the Open Container Format? runc depends on the types specified in the specs repository. Whenever the specification is updated and ready to be versioned runc will update it's dependency on the specs repository and support the update spec.


# create a '' in your GOPATH/src
git clone
cd runc
sudo make install


To run a container that you received just execute runc with the JSON format as the argument or have a config.json file in the current working directory.

/ $ ps
1     daemon   sh
5     daemon   sh
/ $

OCF Container JSON Format:

Below is a sample config.json configuration file. It assumes that the file-system is found in a directory called rootfs and there is a user named daemon defined within that file-system.

    "version": "pre-draft",
    "platform": {
        "os": "linux",
        "arch": "amd64"
    "process": {
        "terminal": true,
        "user": {
            "uid": 0,
            "gid": 0,
            "additionalGids": null
        "args": [
        "env": [
        "cwd": ""
    "root": {
        "path": "rootfs",
        "readonly": true
    "hostname": "shell",
    "mounts": [
            "type": "proc",
            "source": "proc",
            "destination": "/proc",
            "options": ""
            "type": "tmpfs",
            "source": "tmpfs",
            "destination": "/dev",
            "options": "nosuid,strictatime,mode=755,size=65536k"
            "type": "devpts",
            "source": "devpts",
            "destination": "/dev/pts",
            "options": "nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5"
            "type": "tmpfs",
            "source": "shm",
            "destination": "/dev/shm",
            "options": "nosuid,noexec,nodev,mode=1777,size=65536k"
            "type": "mqueue",
            "source": "mqueue",
            "destination": "/dev/mqueue",
            "options": "nosuid,noexec,nodev"
            "type": "sysfs",
            "source": "sysfs",
            "destination": "/sys",
            "options": "nosuid,noexec,nodev"
            "type": "cgroup",
            "source": "cgroup",
            "destination": "/sys/fs/cgroup",
            "options": "nosuid,noexec,nodev,relatime,ro"
    "linux": {
        "uidMapping": null,
        "gidMapping": null,
        "rlimits": null,
        "systemProperties": null,
        "resources": {
            "disableOOMKiller": false,
            "memory": {
                "limit": 0,
                "reservation": 0,
                "swap": 0,
                "kernel": 0,
                "swappiness": -1
            "cpu": {
                "shares": 0,
                "quota": 0,
                "period": 0,
                "realtimeRuntime": 0,
                "realtimePeriod": 0,
                "cpus": "",
                "mems": ""
            "blockIO": {
                "blkioWeight": 0,
                "blkioWeightDevice": "",
                "blkioThrottleReadBpsDevice": "",
                "blkioThrottleWriteBpsDevice": "",
                "blkioThrottleReadIopsDevice": "",
                "blkioThrottleWriteIopsDevice": ""
            "hugepageLimits": null,
            "network": {
                "classId": "",
                "priorities": null
        "namespaces": [
                "type": "process",
                "path": ""
                "type": "network",
                "path": ""
                "type": "ipc",
                "path": ""
                "type": "uts",
                "path": ""
                "type": "mount",
                "path": ""
        "capabilities": [
        "devices": [


Using a Docker image (requires version 1.3 or later)

To test using Docker's busybox image follow these steps:

  • Install docker and download the busybox image: docker pull busybox
  • Create a container from that image and export its contents to a tar file: docker export $(docker create busybox) > busybox.tar
  • Untar the contents to create your filesystem directory:
mkdir rootfs
tar -C rootfs -xf busybox.tar
  • Create a file called config.json using the example from above. You can also generate a spec using runc spec, redirecting the output into config.json
  • Execute runc and you should be placed into a shell where you can run ps:
$ runc
/ # ps
    1 root     sh
    9 root     ps

Using runc with systemd

Description=Minecraft Build Server