Minimal implementation of the OCI runtime specification

This thesis explores the intersection of cloud technologies and embedded systems by investigating the potential of adapting containerization to resource-constrained embedded systems. With the rise of IoT and edge computing, there is an increasing opportunity to bring the portability and automation benefits of containers into embedded deployments without overwhelming the limited resources available.

The primary objectives were to gain a deep understanding of the Linux features that enable containerization, especially namespaces and cgroups, and to develop a minimal container runtime compatible with the Open Container Initiative (OCI) specifications. The research involved analyzing existing container technologies, designing a minimal runtime, and implementing it in a way that preserves key container benefits while minimizing overhead.

Despite significant challenges, due to the lack of standardized API s and the exploratory nature of implementing the OCI runtime specification, the thesis successfully demonstrates the feasibility of creating a minimal container runtime. Although a big part of the OCI specification including network isolation was excluded due to its complexity, the resulting runtime is compatible with container managers like Podman and can create containers similar to standard implementations. This work is an exploration into the adaptation of cloud-native technologies in embedded systems, covering an interesting intersection of modern software engineering.

Roci outperforms the reference implementation of the OCI runtime specification runc by ~67%. But it falls behind the C implementation crun, being slower by ~20%, while implementing the complete OCI runtime specification.