runc is the low-level program that actually creates a running container. Its own repository README states that “runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.” It is deliberately small and unglamorous: higher-level systems hand it a configuration and a root filesystem, and runc sets up the Linux namespaces and cgroups that turn an ordinary process into an isolated, resource-limited container.
runc was born out of the Open Container Initiative. The OCI overview page records that the initiative was formed under the Linux Foundation on June 22, 2015, by Docker, CoreOS, and other industry leaders to create open standards for container formats and runtimes, and that “Docker is donating its container format and runtime, runC, to the OCI to serve as the cornerstone of this new effort.” runc therefore began life as Docker’s own runtime, libcontainer, repackaged as the reference implementation of the OCI Runtime Specification.
Because it implements that shared specification, runc became a common foundation across the ecosystem. Container managers do not call the kernel directly; instead containerd, and through it Docker and Kubernetes-based systems, invoke runc to perform the final step of creating each container. The runc README points readers to the OCI runtime-spec repository for the exact configuration fields it consumes.
runc’s design captures the essence of what a container runtime does: take the kernel primitives documented in the namespaces(7) and cgroups(7) manual pages and assemble them, per a portable specification, into a standard container.