neonwalker/krate

Krate

A lightweight Linux container runtime written in Rust.

Krate uses Linux namespaces and cgroups v2 to isolate processes, following the OCI Runtime Specification for container lifecycle management.

How it works

Krate isolates containers using four Linux namespaces:

Namespace   Purpose
---------   -------
PID         Isolated process tree
UTS         Isolated hostname
Mount       Isolated filesystem mounts
IPC         Isolated shared memory and message queues

Resource limits (CPU and memory) are enforced through cgroups v2.

Container state is persisted as JSON under /run/krate/<container-id>/, enabling the OCI two-step lifecycle: create prepares the container, start runs it.
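
To audit which namespaces a running container process actually shares with the host, compare the link targets under /proc/<pid>/ns for both processes. The following is an added example, not part of Krate's code; the function names are hypothetical and it uses only the Rust standard library. Any namespace it reports as shared is one the container does not have isolated from the host.

```rust
use std::{env, fs};

// Namespace entries commonly found under /proc/<pid>/ns.
const NS_NAMES: [&str; 7] = ["pid", "uts", "mnt", "ipc", "net", "user", "cgroup"];

/// Parse a /proc/<pid>/ns link target such as "pid:[4026531836]"
/// into (namespace name, inode number). Returns None on malformed input.
fn parse_ns_link(target: &str) -> Option<(&str, u64)> {
    let (name, rest) = target.split_once(":[")?;
    let inode = rest.strip_suffix(']')?.parse().ok()?;
    Some((name, inode))
}

/// Names of namespaces whose inode is identical in both lists,
/// i.e. namespaces the container process shares with the host process.
fn shared_namespaces(host: &[String], container: &[String]) -> Vec<String> {
    let mut shared = Vec::new();
    for h in host.iter().filter_map(|s| parse_ns_link(s)) {
        for c in container.iter().filter_map(|s| parse_ns_link(s)) {
            if h == c {
                shared.push(h.0.to_string());
            }
        }
    }
    shared
}

/// Read the namespace link targets for one process ("self" or a PID).
/// Entries that cannot be read (missing or permission denied) are skipped.
fn read_ns_links(pid: &str) -> Vec<String> {
    NS_NAMES
        .iter()
        .filter_map(|ns| fs::read_link(format!("/proc/{}/ns/{}", pid, ns)).ok())
        .map(|p| p.to_string_lossy().into_owned())
        .collect()
}

fn main() {
    // Usage (as root, on the host): ns_check <pid-of-container-process>
    let pid = env::args().nth(1).unwrap_or_else(|| "self".into());
    let shared = shared_namespaces(&read_ns_links("self"), &read_ns_links(&pid));
    println!("namespaces shared with host: {:?}", shared);
}
```

Run it as root from the host's initial namespaces, passing the PID of the container's process as seen from the host.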

Building

cargo build

Krate targets Linux. It can be built on macOS but must be run on a Linux system with:

  • cgroups v2 enabled (check with: mount | grep cgroup2)
  • Root privileges (required for namespace creation)

Usage

Register krate as a Docker runtime in /etc/docker/daemon.json:

{
  "runtimes": {
    "krate": {
      "path": "/path/to/krate"
    }
  }
}

Then use it with Docker:

sudo docker run --runtime krate --network none hello-world
