Thanks for your interest! The container runtime is software that uses the Linux kernel features cgroup/pivot_root/namespace to provide a space for processes to run in isolation from the host. There is a specification called OCI Runtime that describes it in more detail.
I'll check out that OCI Runtime specification... I just wonder if development in this field is possible for someone like myself. Is the primary way to interface with those kernel features done via system calls?
Kernel calls and cgroupfs are the main functions we use. cgroupfs is a file system, so it only reads and writes to files. I think it can do simple things. Of course, I started out with something very simple. It's fun to do just a little bit.
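As an added illustration of the cgroupfs part of that answer (example code, not from anyone in this thread): under cgroup v2 the whole interface is reading `cgroup.controllers`, writing `cgroup.subtree_control`, `mkdir`, and writing knob files such as `memory.max` and `cgroup.procs`. The `demo_with_fake_tree` helper and the temp-dir stand-in for `/sys/fs/cgroup` are assumptions so the code runs unprivileged; point `cgroup_root` at the real mount to use it for real.

```python
import tempfile
from pathlib import Path

CONTROLLER_OF = {"memory": "memory", "pids": "pids", "cpu": "cpu"}  # knob prefix -> controller

def available_controllers(cgroup_root):
    """Controllers listed in <root>/cgroup.controllers (space-separated)."""
    return (Path(cgroup_root) / "cgroup.controllers").read_text().split()

def create_cgroup(cgroup_root, name, limits):
    """Create <root>/<name> and write each knob (e.g. "memory.max": "64M").
    Controllers the knobs need are first enabled in the parent's subtree_control."""
    root = Path(cgroup_root)
    enabled, needed = set(available_controllers(root)), set()
    for knob in limits:
        controller = CONTROLLER_OF.get(knob.split(".", 1)[0])
        if controller is None or controller not in enabled:
            raise ValueError(f"controller for {knob!r} is not available")
        needed.add(controller)
    (root / "cgroup.subtree_control").write_text(
        " ".join("+" + c for c in sorted(needed)))  # e.g. "+memory +pids"
    child = root / name
    child.mkdir()  # mkdir on cgroupfs is how a new cgroup is created
    for knob, value in limits.items():
        (child / knob).write_text(str(value))
    return child

def attach_process(cgroup_path, pid):
    """Move a process into the cgroup by writing its pid to cgroup.procs."""
    (Path(cgroup_path) / "cgroup.procs").write_text(f"{pid}\n")

def read_knob(cgroup_path, knob):
    """Read a knob back (real cgroupfs normalises, e.g. 64M -> byte count)."""
    return (Path(cgroup_path) / knob).read_text().strip()

def demo_with_fake_tree():
    """Run against a constructed stand-in for /sys/fs/cgroup (a temp dir)."""
    root = tempfile.mkdtemp()
    Path(root, "cgroup.controllers").write_text("cpu memory pids\n")
    cg = create_cgroup(root, "demo", {"memory.max": "64M", "pids.max": 100})
    attach_process(cg, 4242)
    try:  # io is absent from the constructed controllers list, so refused
        create_cgroup(root, "bad", {"io.max": "8:0 rbps=1048576"})
        rejected = False
    except ValueError:
        rejected = True
    return {"controllers": available_controllers(root),
            "memory.max": read_knob(cg, "memory.max"), "pids.max": read_knob(cg, "pids.max"),
            "procs": read_knob(cg, "cgroup.procs"), "io_rejected": rejected,
            "subtree_control": read_knob(root, "cgroup.subtree_control")}
```

On a real system the same writes need the cgroupfs mount to be writable by the caller (root, or a delegated subtree), and the kernel rejects values it cannot parse.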