inside containerd: how shim and runc actually work

dXQgYmV0d2VlbiB0aGF0IGNhbGwgYW5kIHRoZSBydW5uaW5nIGNvbnRhaW5lciwgdGhyZWUgcHJvZ3JhbXMgZG8gYSByZWxheSDigJQgYW5kIG9uZSBvZiB0aGVtIGNvbW1pdHMgc3VpY2lkZSBvbiBwdXJwb3NlLiIKLS0tCgprdWJlbGV0IGNhbGxzIGNvbnRhaW5lcmQuIENvbnRhaW5lciBhcHBlYXJzLiBCdXQgYmV0d2VlbiB0aGF0IGNhbGwgYW5kIHRoZSBydW5uaW5nIGNvbnRhaW5lciwgdGhyZWUgcHJvZ3JhbXMgZG8gYSByZWxheSDigJQgYW5kIG9uZSBvZiB0aGVtIGNvbW1pdHMgc3VpY2lkZSBvbiBwdXJwb3NlLgoKPiBUaGlzIGlzIGNvbnRhaW5lcmQncyBpbnRlcm5hbCBtYWNoaW5lcnkuIEs4cyBkb2Vzbid0IGtub3cgYW55IG9mIHRoaXMgZXhpc3RzLiBGb3IgaG93IEs4cyBnb3QgdG8gY29udGFpbmVyZCBpbiB0aGUgZmlyc3QgcGxhY2UsIHNlZSBbQ29udGFpbmVyIFJ1bnRpbWU6IEEgRGl2b3JjZSBTdG9yeV0oL3YyL2NvbnRhaW5lci1ydW50aW1lLWV2b2x1dGlvbikuCgotLS0KCiMjIHJ1bmM6IHRoZSBvbmUtc2hvdCB0b29sCgpydW5jIHJlYWRzIGFuIE9DSSBidW5kbGUgKGEgYGNvbmZpZy5qc29uYCArIGByb290ZnNgIGRpcmVjdG9yeSkuIFNldHMgdXAgTGludXggbmFtZXNwYWNlcywgY2dyb3VwcywgY2hyb290LiBFeGVjJ3MgdGhlIGNvbnRhaW5lciBwcm9jZXNzLiBUaGVuIGV4aXRzLgoKVGhhdCBsYXN0IHBhcnQgaXMgdGhlIGtleS4gKipydW5jIGRvZXNuJ3QgYmFieXNpdC4qKiBJdCBidWlsZHMgdGhlIGhvdXNlLCBoYW5kcyBvdmVyIHRoZSBrZXlzLCBhbmQgbGVhdmVzLiBUaGUgY29udGFpbmVyIHByb2Nlc3MgaXMgcnVubmluZywgYnV0IHJ1bmMgaXMgYWxyZWFkeSBnb25lLiBXaG8ncyB0aGUgcGFyZW50IG5vdz8KCi0tLQoKIyMgVGhlIG9ycGhhbiBwcm9ibGVtCgpFdmVyeSBMaW51eCBwcm9jZXNzIGhhcyBhIHBhcmVudC4gUGFyZW50IGlzIHJlc3BvbnNpYmxlIGZvciBjYWxsaW5nIGB3YWl0KClgIHdoZW4gdGhlIGNoaWxkIGRpZXMuIE5vIGB3YWl0KClgIGNhbGwgbWVhbnMgdGhlIGRlYWQgY2hpbGQgYmVjb21lcyBhIHpvbWJpZSDigJQgYSByb3cgaW4gdGhlIHByb2Nlc3MgdGFibGUgdGhhdCBuZXZlciBnZXRzIGNsZWFuZWQgdXAuIFpvbWJpZXMgcGlsZSB1cCBhbmQgZXZlbnR1YWxseSBleGhhdXN0IGF2YWlsYWJsZSBQSURzLgoKSWYgcnVuYyBqdXN0IGV4aXRlZCBhbmQgY29udGFpbmVyZCB3YXMgdGhlIHBhcmVudDoKCj4gYGNvbnRhaW5lcmQgKFBJRCA1MDApIOKGkiBydW5jIOKGkiBjb250YWluZXIgKFBJRCA1MDIpIOKGkiBydW5jIGV4aXRzYAo+Cj4gY29udGFpbmVyJ3MgcGFyZW50ID0gY29udGFpbmVyZAo+Cj4gLSAqKlByb2JsZW0gMSoqOiBjb250YWluZXJkIHJlc3RhcnRzIGZvciB1cGdyYWRlIOKGkiBjb250YWluZXIncyBwYXJlbnQgZGllcyDihpIgY29udGFpbmVyIGxvc2VzIHN0ZGlvCj4gLSAqKlByb2JsZW0gMioqOiBjb250YWluZXJkIGNyYXNoZXMg4oaSIG5vYm9keSBjYWxscyBgd2FpdCgpYCBvbiBjb250YWluZXIg4oaSIHpvbWJpZQoKY29udGFpbmVyZCBjYW4ndCBiZSB0aGUgcGFyZW50LiBJdCBuZWVkcyB0byBiZSBmcmVlIHRvIHJlc3RhcnQsIHVwZ3JhZGUsIGFuZCBjcmFzaCB3aXRob3V0IGtpbGxpbmcgY29udGFpbmVycy4gU28gdGhlcmUncyBhIG1pZGRsZW1hbi4KCi0tLQoKIyMgY29udGFpbmVyZC1zaGltOiB0aGUgZG91YmxlIGZvcmsgdHJpY2sKCmNvbnRhaW5lcmQgZG9lc24ndCBkaXJlY3RseSBwYXJlbnQgdGhlIGNvbnRhaW5lci4gSXQgdXNlcyBhIGNsYXNzaWMgVW5peCB0cmljazogKipkb3VibGUgZm9yayoqLgoKMS4gY29udGFpbmVyZCBmb3JrcyDihpIgYGNvbnRhaW5lcmQtc2hpbWAgKGNoaWxkKQoyLiBgY29udGFpbmVyZC1zaGltYCBmb3JrcyDihpIgYGNvbnRhaW5lcmQtc2hpbS1ydW5jLXYyYCAoZ3JhbmRjaGlsZCkKMy4gYGNvbnRhaW5lcmQtc2hpbWAgZXhpdHMgaW1tZWRpYXRlbHkKNC4gYGNvbnRhaW5lcmQtc2hpbS1ydW5jLXYyYCBpcyBub3cgYW4gb3JwaGFuCjUuIExpbnV4IGtlcm5lbCByZXBhcmVudHMgaXQgdG8gUElEIDEgKHN5c3RlbWQpCgo+IFRoZXNlIHN0ZXBzIGFyZSBpbmZlcnJlZCBmcm9tIHRoZSBkb3VibGUgZm9yayBwYXR0ZXJuIGFuZCB0aGUgZmluYWwgcHJvY2VzcyB0cmVlIGNvbmZpcm1lZCBieSBwc3RyZWUgb3V0cHV0IGluIHRoZSBjbmJsb2dzIHJlZmVyZW5jZS4gTm8gc2luZ2xlIHNvdXJjZSBkb2N1bWVudHMgYWxsIGZpdmUgc3RlcHMgdG9nZXRoZXIuCgpgYGAKQmVmb3JlIChyaWdodCBhZnRlciBmb3JrKToKICBjb250YWluZXJkIChQSUQgNTAwKQogICAg4pSU4pSA4pSAIGNvbnRhaW5lcmQtc2hpbSAoUElEIDUwMSkKICAgICAgICAgIOKUlOKUgOKUgCBjb250YWluZXJkLXNoaW0tcnVuYy12MiAoUElEIDUwMikKCkFmdGVyIChjb250YWluZXJkLXNoaW0gZXhpdHMpOgogIGNvbnRhaW5lcmQgKFBJRCA1MDApICAgICAgICAgICAgICDihpAgbm8gbG9uZ2VyIHBhcmVudCBvZiBhbnl0aGluZwogIHN5c3RlbWQgKFBJRCAxKQogICAg4pSU4pSA4pSAIGNvbnRhaW5lcmQtc2hpbS1ydW5jLXYyIChQSUQgNTAyKSAgIOKGkCBhZG9wdGVkIGJ5IFBJRCAxCiAgICAgICAgICDilJTilIDilIAgY29udGFpbmVyIHByb2Nlc3MgKFBJRCA1MDMpCmBgYAoKY29udGFpbmVyZCBhbmQgc2hpbSBhcmUgbm8gbG9uZ2VyIGluIGEgcGFyZW50LWNoaWxkIHJlbGF0aW9uc2hpcC4gVGhleSBjb21tdW5pY2F0ZSBvdmVyIGEgdHRycGMgc29ja2V0LiBTb2NrZXQgY2FuIGRpc2Nvbm5lY3QgYW5kIHJlY29ubmVjdC4gUHJvY2VzcyB0cmVlIGNhbid0LgoKLS0tCgojIyBXaHkgb3JwaGFucyBkb24ndCBkaWUKCkEgY29tbW9uIG1pc2NvbmNlcHRpb246ICJwYXJlbnQgZGllcywgY2hpbGQgZGllcyB0b28uIiBXcm9uZy4gVGhhdCdzIG5vdCBob3cgTGludXggd29ya3MuCgo+IFBhcmVudCBkaWVzIOKGkiBjaGlsZCBnZXRzIGFkb3B0ZWQgYnkgUElEIDEg4oaSIGNoaWxkIGtlZXBzIHJ1bm5pbmcuCgpUaGUgY29uZnVzaW9uIGNvbWVzIGZyb20gKipzaGVsbHMqKi4gV2hlbiB5b3UgY2xvc2UgYSB0ZXJtaW5hbDoKCi0gVGVybWluYWwgY2xvc2VzIOKGkiBzZW5kcyBgU0lHSFVQYCB0byBiYXNoCi0gQmFzaCByZWNlaXZlcyBgU0lHSFVQYCDihpIgZm9yd2FyZHMgYFNJR0hVUGAgdG8gYWxsIGl0cyBjaGlsZHJlbgotIENoaWxkcmVuIHJlY2VpdmUgYFNJR0hVUGAg4oaSIGRlZmF1bHQgYmVoYXZpb3IgaXMgdG8gZXhpdAotIEJhc2ggZXhpdHMKClRoZSBjaGlsZHJlbiBkaWRuJ3QgZGllIGJlY2F1c2UgdGhlaXIgcGFyZW50IGRpZWQuIFRoZXkgZGllZCBiZWNhdXNlICoqYmFzaCBhY3RpdmVseSBraWxsZWQgdGhlbSBiZWZvcmUgZHlpbmcuKiogVGhhdCdzIHNoZWxsIGJlaGF2aW9yLCBub3Qga2VybmVsIGJlaGF2aW9yLgoKYG5vaHVwYCB3b3JrcyBieSBpZ25vcmluZyBTSUdIVVA6CgpgYGBiYXNoCm5vaHVwIHB5dGhvbiBzY3JpcHQucHkgJgojIGJhc2ggY2xvc2VzIOKGkiBzZW5kcyBTSUdIVVAg4oaSIHB5dGhvbiBpZ25vcmVzIGl0IOKGkiBweXRob24ga2VlcHMgcnVubmluZwojIGJhc2ggZGllcyDihpIgcHl0aG9uIGlzIG9ycGhhbiDihpIga2VybmVsIGdpdmVzIGl0IHRvIFBJRCAxCmBgYAoKY29udGFpbmVyZC1zaGltIGV4aXRzIHdpdGhvdXQgc2VuZGluZyBhbnkgc2lnbmFsLiBJdCdzIG5vdCBhIHNoZWxsLiBTbyBjb250YWluZXJkLXNoaW0tcnVuYy12MiBqdXN0IGJlY29tZXMgYW4gb3JwaGFuIGFuZCBrZWVwcyBydW5uaW5nLgoKLS0tCgojIyBXaGF0IHRoZSBzaGltIGFjdHVhbGx5IGRvZXMgYWxsIGRheQoKQWZ0ZXIgcnVuYyBleGl0cyBhbmQgdGhlIGNvbnRhaW5lciBpcyBydW5uaW5nLCB0aGUgc2hpbSBzaXRzIHRoZXJlIGFuZCBkb2VzIHRocmVlIHRoaW5nczoKCnwgSm9iIHwgV2h5IHwKfC0tLXwtLS18CnwgSG9sZCBzdGRpbi9zdGRvdXQvc3RkZXJyIHwgYGt1YmVjdGwgbG9nc2AgYW5kIGBrdWJlY3RsIGF0dGFjaGAgbmVlZCBhIGZpbGUgZGVzY3JpcHRvciB0byByZWFkIGZyb20uIHNoaW0ga2VlcHMgdGhlbSBvcGVuIHwKfCBDYWxsIGB3YWl0KClgIHdoZW4gY29udGFpbmVyIGRpZXMgfCBDb2xsZWN0cyBleGl0IGNvZGUuIFByZXZlbnRzIHpvbWJpZS4gUmVwb3J0cyBiYWNrIHRvIGNvbnRhaW5lcmQgfAp8IFJlc3BvbmQgdG8gY29udGFpbmVyZCBvdmVyIHR0cnBjIHwgY29udGFpbmVyZCBhc2tzICJpcyBpdCBzdGlsbCBydW5uaW5nPyIgb3IgImtpbGwgaXQuIiBzaGltIGV4ZWN1dGVzIHwKClRoYXQncyBpdC4gTW9zdCBvZiB0aGUgdGltZSB0aGUgc2hpbSBpcyBpZGxlLiBJdCB3YWtlcyB1cCB3aGVuIHRoZSBjb250YWluZXIgZXhpdHMgb3Igd2hlbiBjb250YWluZXJkIHNlbmRzIGEgcmVxdWVzdC4KCi0tLQoKIyMgdjEg4oaSIHYyOiBzYW1lIGpvYiwgYmV0dGVyIHBhY2thZ2luZwoKVGhlIGNvcmUgbWVjaGFuaXNtIChkb3VibGUgZm9yaywgcmVwYXJlbnQsIHdhaXQsIGhvbGQgc3RkaW8pIGlzIGlkZW50aWNhbCBpbiB2MSBhbmQgdjIuIFdoYXQgY2hhbmdlZDoKCioqdjE6IG9uZSBzaGltIHBlciBjb250YWluZXIqKgoKLSBQb2Qgd2l0aCAzIGNvbnRhaW5lcnMg4oaSIDMgc2hpbSBwcm9jZXNzZXMKLSAzMCBQb2RzIMOXIDIgY29udGFpbmVycyBhdmVyYWdlIOKGkiA2MCBzaGltIHByb2Nlc3NlcyBvbiBvbmUgTm9kZQotIEVhY2ggc2hpbSB1c2VzIGdSUEMgKEhUVFAvMiArIHByb3RvYnVmKSB0byB0YWxrIHRvIGNvbnRhaW5lcmQuIEhlYXZ5IGZvciBzbWFsbCBtZXNzYWdlcy4KCioqdjI6IG9uZSBzaGltIHBlciBQb2QqKgoKLSBQb2Qgd2l0aCAzIGNvbnRhaW5lcnMg4oaSIDEgc2hpbSBwcm9jZXNzIG1hbmFnaW5nIGFsbCB0aHJlZQotIDMwIFBvZHMg4oaSIDMwIHNoaW0gcHJvY2Vzc2VzIChub3QgNjApCi0gVXNlcyB0dHJwYyAocmF3IHNvY2tldCArIHByb3RvYnVmKSBpbnN0ZWFkIG9mIGdSUEMuIExpZ2h0ZXIuCgpUaGUgbmFtaW5nIGNvbnZlbnRpb24gYWxzbyBtYWRlIHJ1bnRpbWVzIHBsdWdnYWJsZToKCi0gYGNvbnRhaW5lcmQtc2hpbS1ydW5jLXYyYCDihpIgdXNlcyBydW5jIChkZWZhdWx0KQotIGBjb250YWluZXJkLXNoaW0tcnVuc2MtdjJgIOKGkiB1c2VzIGdWaXNvcgotIGBjb250YWluZXJkLXNoaW0ta2F0YS12MmAg4oaSIHVzZXMga2F0YQoKY29udGFpbmVyZCBwaWNrcyB0aGUgcmlnaHQgYmluYXJ5IGJhc2VkIG9uIHRoZSBQb2QncyBSdW50aW1lQ2xhc3MuIEFkZGluZyBhIG5ldyBydW50aW1lIG1lYW5zIGRyb3BwaW5nIGEgbmV3IGJpbmFyeSBvbiB0aGUgTm9kZS4KCi0tLQoKIyMgVGhlIGZ1bGwgcGljdHVyZQoKYGBgCmt1YmVsZXQKICDilIIgQ1JJIGNhbGw6ICJzdGFydCB0aGlzIFBvZCIKICDilrwKY29udGFpbmVyZAogIOKUgiBmb3JrCiAg4pa8CmNvbnRhaW5lcmQtc2hpbSAobWlkZGxlIHByb2Nlc3MpCiAg4pSCIGZvcmsKICDilrwKY29udGFpbmVyZC1zaGltLXJ1bmMtdjIgKGJhYnlzaXR0ZXIpIOKGkCByZXBhcmVudGVkIHRvIFBJRCAxCiAg4pSCIGV4ZWMKICDilrwKcnVuYwogIOKUgiBzZXQgdXAgbmFtZXNwYWNlcywgY2dyb3VwcywgY2hyb290CiAg4pSCIHN0YXJ0IGNvbnRhaW5lciBwcm9jZXNzCiAg4pSCIGV4aXQgKGpvYiBkb25lKQogIOKWvApjb250YWluZXIgcHJvY2VzcyAocnVubmluZykKICBwYXJlbnQgPSBjb250YWluZXJkLXNoaW0tcnVuYy12MgogIGdyYW5kcGFyZW50ID0gc3lzdGVtZCAoUElEIDEpCgpTdGVhZHkgc3RhdGUgKGNvbnRhaW5lcmQtc2hpbSBhbmQgcnVuYyBib3RoIGV4aXRlZCk6CgpzeXN0ZW1kIChQSUQgMSkKICDilJzilIDilIAgY29udGFpbmVyZAogIOKUlOKUgOKUgCBjb250YWluZXJkLXNoaW0tcnVuYy12MgogICAgICAgICAg4pSU4pSA4pSAIG5naW54IChjb250YWluZXIgUElEIDEpCmBgYAoKY29udGFpbmVyZCBhbmQgY29udGFpbmVyZC1zaGltLXJ1bmMtdjIgYXJlIHNpYmxpbmdzIHVuZGVyIHN5c3RlbWQuIE5vdCBwYXJlbnQtY2hpbGQuIFRoZXkgdGFsayBvdmVyIHR0cnBjIHNvY2tldCwgbm90IHByb2Nlc3MgdHJlZS4KCmBuZ2lueGAgc2hvd3MgUElEIDEgKippbnNpZGUgdGhlIGNvbnRhaW5lcidzIFBJRCBuYW1lc3BhY2UqKi4gRnJvbSB0aGUgaG9zdCwgaXQgaGFzIGEgbm9ybWFsIFBJRCBsaWtlIDUwMzIxLiBMaW51eCBQSUQgbmFtZXNwYWNlcyBnaXZlIGVhY2ggY29udGFpbmVyIGl0cyBvd24gbnVtYmVyaW5nLgoKY29udGFpbmVyZCBjYW4gbm93IGNyYXNoLCByZXN0YXJ0LCB1cGdyYWRlLiBzaGltIGlzIHN0aWxsIHRoZXJlLiBDb250YWluZXIga2VlcHMgcnVubmluZy4KCi0tLQoKIyMgUmVmZXJlbmNlcwoKLSBbQ29udGFpbmVyZOe7hOS7tiAtIGNvbnRhaW5lcmQtc2hpbS1ydW5jLXYy5L2c55SoIChjbmJsb2dzKV0oaHR0cHM6Ly93d3cuY25ibG9ncy5jb20vemhhbmdtaW5nY2hlbmcvcC8xNzUyNDcyMS5odG1sKQotIFtJbXBsZW1lbnRpbmcgQ29udGFpbmVyIFJ1bnRpbWUgU2hpbTogcnVuYyAoaXhpbWl1eildKGh0dHBzOi8vaXhpbWl1ei5jb20vZW4vcG9zdHMvaW1wbGVtZW50aW5nLWNvbnRhaW5lci1ydW50aW1lLXNoaW0vKQotIFtjb250YWluZXJkIHJ1bnRpbWUvdjIgUkVBRE1FIChvZmZpY2lhbCwgc2hpbSBBUEkgYW5kIHR0cnBjIGRlc2lnbildKGh0dHBzOi8vZ2l0aHViLmNvbS9jb250YWluZXJkL2NvbnRhaW5lcmQvYmxvYi9tYWluL2NvcmUvcnVudGltZS92Mi9SRUFETUUubWQpCi0gW1doYXQgYXJlIHRoZSBkaWZmZXJlbmNlcyBiZXR3ZWVuIHJ1bmMgdjEgYW5kIHYyPyAoY29udGFpbmVyZCBEaXNjdXNzaW9uICM3NDA3KV0oaHR0cHM6Ly9naXRodWIuY29tL2NvbnRhaW5lcmQvY29udGFpbmVyZC9kaXNjdXNzaW9ucy83NDA3KQotIFtTaGltIHYxIHZzIHYyIGFyY2hpdGVjdHVyZSBjb21wYXJpc29uIChvcGVuRXVsZXIsIEthdGEgcGVyc3BlY3RpdmUpXShodHRwczovL3d3dy5vcGVuZXVsZXIub3JnL2VuL2Jsb2cvZ2FvaHVhdGFvLzIwMjEtMDQtMDktaXN1bGFkLXNoaW12MS1zaGltdjItZGlmZi5odG1sKQo=