{"id":13446641,"url":"https://github.com/opencontainers/runtime-tools","last_synced_at":"2025-05-13T19:16:23.437Z","repository":{"id":3553499,"uuid":"49598840","full_name":"opencontainers/runtime-tools","owner":"opencontainers","description":"OCI Runtime Tools","archived":false,"fork":false,"pushed_at":"2025-03-03T01:10:46.000Z","size":10915,"stargazers_count":451,"open_issues_count":59,"forks_count":149,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-04-27T20:06:02.819Z","etag":null,"topics":["docker","oci","opencontainers","runc"],"latest_commit_sha":null,"homepage":"https://www.opencontainers.org/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opencontainers.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-01-13T20:10:21.000Z","updated_at":"2025-04-20T17:57:09.000Z","dependencies_parsed_at":"2023-01-13T12:36:38.846Z","dependency_job_id":"54f8d64c-718f-4a5c-85e3-e16c17209dac","html_url":"https://github.com/opencontainers/runtime-tools","commit_stats":{"total_commits":836,"total_committers":58,"mean_commits":"14.413793103448276","dds":0.8038277511961722,"last_synced_commit":"f7e3563b0271e5cd52d5c915684ea11ef2779572"},"previous_names":["opencontainers/ocitools"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opencontainers%2Fruntime-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opencontainers","download_url":"https://codeload.github.com/opencontainers/runtime-tools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254010823,"owners_count":21999003,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","oci","opencontainers","runc"],"created_at":"2024-07-31T05:00:55.449Z","updated_at":"2025-05-13T19:16:23.410Z","avatar_url":"https://github.com/opencontainers.png","language":"Go","readme":"# oci-runtime-tool [![Build Status](https://travis-ci.org/opencontainers/runtime-tools.svg?branch=master)](https://travis-ci.org/opencontainers/runtime-tools) [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/runtime-tools)](https://goreportcard.com/report/github.com/opencontainers/runtime-tools)\n\noci-runtime-tool is a collection of tools for working with the [OCI runtime specification][runtime-spec].\nTo build from source code, runtime-tools requires Go 1.19.x or above.\n\n## Table of Contents\n\nAdditional documentation about how this group operates:\n\n- [Code of Conduct][code-of-conduct]\n- [security][security]\n\n\n## Generating an OCI runtime spec configuration files\n\n[`oci-runtime-tool generate`][generate.1] generates [configuration JSON][config.json] for an [OCI bundle][bundle].\n[OCI-compatible runtimes][runtime-spec] like [runC][] expect to read the configuration from `config.json`.\n\n```console\n$ oci-runtime-tool generate --output config.json\n$ cat config.json\n{\n        \"ociVersion\": \"0.5.0\",\n        …\n}\n```\n\n## Validating an OCI bundle\n\n[`oci-runtime-tool validate`][validate.1] validates an OCI bundle.\nThe error message will be printed if the OCI bundle failed the validation procedure.\n\n```console\n$ oci-runtime-tool generate\n$ oci-runtime-tool validate\nINFO[0000] Bundle validation succeeded.\n```\n\n## Testing OCI runtimes\n\nThe runtime validation suite uses [node-tap][], which is packaged for some distributions (for example, it is in [Debian's `node-tap` package][debian-node-tap]).\nIf your distribution does not package node-tap, you can install [npm][] (for example, from [Gentoo's `nodejs` package][gentoo-nodejs]) and use it:\n\n```console\n$ npm install tap\n```\n\nBuild the validation executables:\n\n```console\n$ make runtimetest validation-executables\n```\n\nRuntime validation currently [only supports](docs/runtime-compliance-testing.md) the [OCI Runtime Command Line Interface](docs/command-line-interface.md).\nIf we add support for alternative APIs in the future, runtime validation will gain an option to select the desired runtime API.\nFor the command line interface, the `RUNTIME` option selects the runtime command (`funC` in the [OCI Runtime Command Line Interface](docs/command-line-interface.md)).\n\n```\n$ sudo make RUNTIME=runc localvalidation\nRUNTIME=runc tap validation/pidfile.t validation/linux_cgroups_hugetlb.t validation/linux_cgroups_memory.t validation/linux_rootfs_propagation_shared.t validation/kill.t validation/create.t validation/poststart.t validation/linux_cgroups_network.t validation/poststop_fail.t validation/linux_readonly_paths.t validation/prestart_fail.t validation/hooks_stdin.t validation/default.t validation/linux_masked_paths.t validation/poststop.t validation/misc_props.t validation/prestart.t validation/poststart_fail.t validation/mounts.t validation/linux_cgroups_relative_pids.t validation/process_user.t validation/process.t validation/hooks.t validation/process_capabilities_fail.t validation/process_rlimits_fail.t validation/linux_cgroups_relative_cpus.t validation/process_rlimits.t validation/linux_cgroups_relative_blkio.t validation/linux_sysctl.t validation/linux_seccomp.t validation/linux_devices.t validation/start.t validation/linux_cgroups_pids.t validation/process_capabilities.t validation/process_oom_score_adj.t validation/linux_cgroups_relative_hugetlb.t validation/linux_cgroups_cpus.t validation/linux_cgroups_relative_memory.t validation/state.t validation/root_readonly_true.t validation/linux_cgroups_blkio.t validation/linux_rootfs_propagation_unbindable.t validation/delete.t validation/linux_cgroups_relative_network.t validation/hostname.t validation/killsig.t validation/linux_uid_mappings.t\nvalidation/pidfile.t .failed to create the container\ncontainer_linux.go:348: starting container process caused \"process_linux.go:402: container init caused \\\"process_linux.go:367: setting cgroup config for procHooks process caused \\\\\\\"failed to write 56892210544640 to hugetlb.1GB.limit_in_bytes: open /sys/fs/cgroup/hugetlb/cgrouptest/hugetlb.1GB.limit_in_bytes: permission denied\\\\\\\"\\\"\"\nexit status 1\nvalidation/pidfile.t .................................. 1/1 315ms\nvalidation/linux_cgroups_hugetlb.t .................... 0/1\n  not ok validation/linux_cgroups_hugetlb.t\n    timeout: 30000\n    file: validation/linux_cgroups_hugetlb.t\n    command: validation/linux_cgroups_hugetlb.t\n    args: []\n    stdio:\n      - 0\n      - pipe\n      - 2\n    cwd: /…/go/src/github.com/opencontainers/runtime-tools\n    exitCode: 1\n\nvalidation/linux_cgroups_memory.t ..................... 9/9\nvalidation/linux_rootfs_propagation_shared.t ...... 252/282\n  not ok shared root propagation exposes \"/target348456609/mount892511628/example376408222\"\n\n  Skipped: 29\n     /dev/null (default device) has unconfigured permissions\n…\ntotal ........................................... 4381/4962\n\n\n  4381 passing (1m)\n  567 pending\n  14 failing\n\nmake: *** [Makefile:44: localvalidation] Error 1\n```\n\nYou can also run an individual test executable directly:\n\n```console\n$ sudo RUNTIME=runc validation/default/default.t\nTAP version 13\nok 1 - has expected hostname\n  ---\n  {\n    \"actual\": \"mrsdalloway\",\n    \"expected\": \"mrsdalloway\"\n  }\n  ...\n…\nok 287 # SKIP linux.gidMappings not set\n1..287\n```\n\nIf you cannot install node-tap, you can probably run the test suite with another [TAP consumer][tap-consumers].\nFor example, with [`prove`][prove]:\n\n```console\n$ sudo make TAPTOOL='prove -Q -j9' RUNTIME=runc VALIDATION_TESTS=validation/pidfile/pidfile.t localvalidation\nRUNTIME=runc prove -Q -j9 validation/pidfile.t\nAll tests successful.\nFiles=1, Tests=1,  0 wallclock secs ( 0.01 usr  0.01 sys +  0.03 cusr  0.03 csys =  0.08 CPU)\nResult: PASS\n```\n\n[security]: https://github.com/opencontainers/org/blob/master/security\n[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md\n[bundle]: https://github.com/opencontainers/runtime-spec/blob/master/bundle.md\n[config.json]: https://github.com/opencontainers/runtime-spec/blob/master/config.md\n[debian-node-tap]: https://packages.debian.org/stretch/node-tap\n[debian-nodejs]: https://packages.debian.org/stretch/nodejs\n[gentoo-nodejs]: https://packages.gentoo.org/packages/net-libs/nodejs\n[node-tap]: http://www.node-tap.org/\n[npm]: https://www.npmjs.com/\n[prove]: http://search.cpan.org/~leont/Test-Harness-3.39/bin/prove\n[runC]: https://github.com/opencontainers/runc\n[runtime-spec]: https://github.com/opencontainers/runtime-spec\n[tap-consumers]: https://testanything.org/consumers.html\n\n[generate.1]: man/oci-runtime-tool-generate.1.md\n[validate.1]: man/oci-runtime-tool-validate.1.md\n","funding_links":[],"categories":["Container Operations","Go"],"sub_categories":["Runtime"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencontainers%2Fruntime-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopencontainers%2Fruntime-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencontainers%2Fruntime-tools/lists"}