2.2.1.1 Containerd Runtime Supervision
A focused guide to Containerd Runtime Supervision, connecting core concepts with practical Docker and container operations.
Containerd runtime supervision is containerd's responsibility for starting a container's process via runc, monitoring it while it runs, and reporting its exit status. It is the layer that keeps track of whether a container is actually still alive.
Starting and Tracking a Container Process
When asked to run a container, containerd generates the appropriate OCI runtime specification and invokes runc to actually create the isolated process, then keeps a reference to that process so it can report on its state going forward.
ctr run --rm docker.io/library/alpine:latest mytask echo hello
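Here mytask is the container ID and --rm removes the container once its process has exited; the image must already be present in containerd's image store. The command results in containerd supervising the lifetime of the resulting process, from creation through to its exit.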
Detecting Process Exit
containerd monitors the supervised process directly, detecting the moment it exits and recording its exit code, which is how higher-level tools like the Docker daemon know to update a container's reported status without needing to poll the process themselves.
ctr tasks list
This reports the current status of every task containerd is supervising, including whether each one is running or has already exited.
Surviving Daemon Restarts
A notable design goal of containerd's supervision model is that running containers should not need to be restarted just because a higher-level component, such as the Docker daemon, restarts — containerd itself keeps supervising already-running containers independently.
systemctl restart docker
docker ps
Containers that were already running typically remain running through a Docker daemon restart, because containerd, not dockerd, is the component actually supervising their processes.
Shim Processes
For each running container, containerd typically starts a small shim process that sits between containerd and the actual container process, which allows the container to keep running even if containerd itself is restarted, further decoupling supervision from any single long-running process.
ps aux | grep '[c]ontainerd-shim'
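The decoupling described in the two sections above can be checked from the process tree. The script below is an added example, not part of the original guide: it walks parent PIDs in a constructed `ps -eo pid,ppid,args` listing to show that a container process descends from its shim and not from dockerd or containerd. The function names `sample_ps`, `ancestry` and `daemon_is_ancestor`, the PIDs and the shortened container IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ps -eo pid,ppid,args` output (not captured from a real host).
sample_ps() {
cat <<'EOF'
  PID  PPID COMMAND
    1     0 /sbin/init
  812     1 /usr/bin/containerd
  945     1 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
 2290   945 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080
 2301     1 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 4f2a9c -address /run/containerd/containerd.sock
 2324  2301 nginx: master process nginx -g daemon off;
 2377  2324 nginx: worker process
 2510     1 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 9be110 -address /run/containerd/containerd.sock
 2533  2510 redis-server *:6379
EOF
}

# ancestry PID: read a ps listing on stdin and print the chain of
# executable names from PID up to PID 1, joined by " <- ".
ancestry() {
  awk -v start="$1" '
    NR == 1 { next }                       # skip the header line
    {
      parent[$1] = $2
      name = $3; sub(/.*\//, "", name); sub(/:$/, "", name)
      comm[$1] = name
    }
    END {
      p = start; out = ""
      while ((p in parent) && hops++ < 64) {   # hop limit guards malformed input
        out = out (out == "" ? "" : " <- ") comm[p] "(" p ")"
        p = parent[p]
      }
      print out
    }'
}

# Succeeds when dockerd or the containerd daemon itself appears in the chain,
# meaning the process is not isolated from the daemon by a shim.
daemon_is_ancestor() {
  case " $(ancestry "$1") " in
    *" dockerd("*|*" containerd("*) return 0 ;;
    *) return 1 ;;
  esac
}

sample_ps | ancestry 2377
if sample_ps | daemon_is_ancestor 2377; then echo "2377: tied to a daemon"; else echo "2377: behind a shim only"; fi
```

On a live host, replace `sample_ps` with `ps -eo pid,ppid,args` and pass the PID of a process inside a container.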
Why Runtime Supervision Matters
Reliable supervision at this layer is what allows the overall system to report accurate container status, restart containers automatically according to a defined policy, and avoid unnecessarily disrupting already-running workloads when higher-level components are restarted or upgraded.