2.2.3.4 OCI Runtime Compatibility

OCI runtime compatibility is the property that lets different runtime implementations — runc and its alternatives — be used interchangeably underneath higher-level tools, as long as each implementation correctly interprets the same standardized runtime configuration format.

What Compatibility Actually Means

A runtime is OCI-compatible if, given a valid OCI runtime configuration, it produces a container with the namespaces, cgroups, mounts, and process execution behavior the specification describes — regardless of how it implements that behavior internally.

runc run mycontainer
crun run mycontainer

Both of these are separate, independently implemented runtimes; given equivalent configuration, both are expected to produce containers with equivalent isolation properties, since both target the same specification.

Why Multiple Implementations Exist

Different runtime implementations exist because they make different tradeoffs: runc is the reference implementation, written in Go; crun is a lighter-weight alternative written in C, optimized for faster startup and lower memory overhead, while remaining compatible with the same configuration format.

time runc run mycontainer
time crun run mycontainer

Comparing startup time between implementations is a common reason teams choose one over the other, while still relying on the same underlying configuration format either way.

Compatibility With Stronger-Isolation Runtimes

Runtimes that provide stronger isolation by running each container inside a lightweight virtual machine still implement the same OCI runtime interface, which is why they can be substituted into systems like containerd without those systems needing runtime-specific integration code.

ctr run --runtime io.containerd.kata.v2 myimage mycontainer

Verifying Compatibility

Compatibility is generally verified against a published conformance test suite, which checks that a given runtime implementation correctly handles the full range of configuration options the specification defines.

runtime-tools/validation/run.sh

Why Runtime Compatibility Matters

Because compatibility is verified against a shared specification rather than against any one implementation's specific behavior, teams can choose a runtime based on performance, isolation strength, or platform support, with confidence that higher-level tooling built around the OCI interface will continue to work correctly regardless of which compliant runtime is actually in use.