Does anyone here know how #runc manages to get rid of the init process?
If I understand this correctly, runc init and the container’s main process are children of the same parent process.
But... how does runc manage to run the main process in the namespace created by init? Does libcontainer do this? Or is the namespace created by the parent and both processes inherit it? But how can the main process then be pid 1?
I could not find any articles explaining this specific part in detail.
RT @thaJeztah@twitter.com
This was a fun trip down memory lane on how the @docker@twitter.com engine led to @containerd@twitter.com, #runc, and the @OCI_ORG@twitter.com
Thanks @iximiuz@twitter.com for sending me down this trip! https://twitter.com/thaJeztah/status/1565795698783698944
🐦🔗: https://twitter.com/thaJeztah/status/1566054375810007040
Learn about container runtimes (#containerd #Docker #katacontainers #LXD, #rkt, #runc & more) and how to interact with container images from this @opensuse + @libreoffice Conference talk... https://youtu.be/FKDmdiGf60Y
Update your #container environment now. Critical patch for #runc. When you use #docker, #kubernetes, #crio, #lxc - update. https://seclists.org/oss-sec/2019/q1/119
Major container vuln leading to container escape:
#CVE-2019-5736: #runc #container breakout (all versions)
https://www.openwall.com/lists/oss-security/2019/02/11/2