0 views collected around this technical thread.
Docker containers often stop right after starting because the foreground process (PID 1) exits, and without a persistent daemon the container shuts down, a behavior explained by Linux init mechanics, process tables, and the Docker runtime architecture.
This article explains why Docker containers often stop right after starting by examining the Linux PID 1 init process, the behavior of foreground versus daemonized commands in Dockerfiles, and how container runtimes like containerd‑shim and runc manage the container’s main process.
This article walks through diagnosing and resolving two frequent Kubernetes problems—memory‑leak errors that cause "cannot allocate memory" or "no space left on device" messages, and expired cluster certificates—by checking cgroup stats, recompiling runc and kubelet, and renewing certificates with kubeadm for long‑term validity.
This article explains the key components and standards of the container ecosystem—including Docker, containerd, CRI‑O, OCI and runc—detailing how they interact, the role of the Container Runtime Interface, and why Docker is only a small part of a broader, interoperable cloud‑native landscape.
RunC, the OCI‑compliant low‑level container runtime originally derived from Docker’s libcontainer, works alongside high‑level runtimes like containerd and cri‑o, and this article explains its origins, lifecycle states, usage commands, and how it fits into the broader cloud‑native container ecosystem.
This guide explains how runc implements the OCI runtime spec, walks through creating an OCI bundle, using skopeo and umoci to fetch images, and demonstrates running containers in foreground and detached modes while highlighting the underlying Linux namespace mechanics.
This article provides a detailed overview of Docker’s evolution, the role of containerd, runc, and CRI in modern container runtimes, explains how Docker delegates container lifecycle management to containerd‑shim, and offers step‑by‑step instructions for installing, configuring, and using containerd with its CLI tools on Linux.
Many Docker beginners encounter containers that stop immediately after launch, often due to the CMD process exiting as PID 1; this article explains Linux PID 1 behavior, process tables, zombie and orphan processes, and how Docker’s namespace and runtime components like containerd‑shim and runc affect container lifecycles.
A critical CVE‑2019‑5736 vulnerability in the runc container runtime lets a malicious container overwrite the host’s runc binary, granting attackers root‑level code execution that can compromise other containers, the host system, and the network, with a CVSS 3.0 score of 7.2, affecting runc, Apache Mesos and LXC, and requiring prompt updates.