Building a Linux Container Runtime from Scratch
Published on: 2025-09-26 19:35:46
Why build a new low-level container runtime?
The idea of separating the low-level container runtime concerns into its own tool or microservice is not new. Outside of the Kubernetes CRI, which presents container lifecycle management as a pluggable microservice, simpler tools also provide a low-level container runtime, such as the unshare utility in util-linux and another tool called Bubblewrap.
But these tools are either too high-level (like the Kubernetes CRI), or they are designed to be used via shell scripting: Bubblewrap is highly configurable, but is only accessible via a very complicated CLI that is easy to get wrong, while util-linux’s unshare has basic functionality, but is also locked behind a CLI. While CLIs allow for rapid iteration, we needed something different for Edera Protect: a rich programmatic interface for spawning and managing containers with precision. Styrolite provides the best of both worlds—a clean API directly usable fro