Docker and OCI Source Code Pointers


Docker largely follows the Open Container Initiative (OCI), which provides a specification for various pieces of a container runtime and management environment. Relevant code and specifications are linked below. Note that much of the code is written in Go, which shares many similarities with C. Syscalls in Go are typically similar in syntax to their equivalents in C. For example, the write syscall in C:

ssize_t write(int fd, const void * buf, size_t count)

is similar to the write syscall in Go:

func syscall.Write(fd int, p []byte) (n int, err error)
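The correspondence above, as an added example that is not part of the original page or of any OCI project: where C's write() returns -1 and sets errno, Go's syscall.Write reports the same errno as a non-nil err of type syscall.Errno. The helper names writeAll and pipeRoundTrip and the sample strings are constructed for illustration, and the code assumes a Linux host.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// writeAll loops over syscall.Write until all of p is written.
// A failure that C reports as -1 plus errno arrives here as a syscall.Errno.
func writeAll(fd int, p []byte) (int, error) {
	total := 0
	for total < len(p) {
		n, err := syscall.Write(fd, p[total:])
		if errors.Is(err, syscall.EINTR) {
			continue // interrupted before any byte was written: retry
		}
		if err != nil {
			return total, err
		}
		total += n // a short write is legal, exactly as in C
	}
	return total, nil
}

// pipeRoundTrip sends msg through a pipe(2) pair and reads it back.
func pipeRoundTrip(msg []byte) ([]byte, error) {
	var fds [2]int
	if err := syscall.Pipe(fds[:]); err != nil {
		return nil, err
	}
	defer syscall.Close(fds[0])
	_, werr := writeAll(fds[1], msg)
	syscall.Close(fds[1]) // close the write end so the reader is not left waiting
	if werr != nil {
		return nil, werr
	}
	buf := make([]byte, len(msg))
	n, err := syscall.Read(fds[0], buf)
	if err != nil {
		return nil, err // n is -1 here, so buf must not be sliced
	}
	return buf[:n], nil
}

func main() {
	out, err := pipeRoundTrip([]byte("constructed sample message"))
	fmt.Printf("%q %v\n", out, err)
	_, err = writeAll(-1, []byte("x")) // -1 is never a valid descriptor
	fmt.Println(errors.Is(err, syscall.EBADF))
}
```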


The OCI Runtime Specification "aims to specify the configuration, execution environment, and lifecycle of a container." Sections of interest include:

The 5 principles of Standard Containers page defines the format for specifying a container as an encapsulated software component, including all of its dependencies, in a way that is self-describing and portable.

The Runtime and Lifecycle page describes how a container is started, how its running state is maintained, and how it can be stopped. Linux-specific documentation is available on the Linux Runtime page.

The Configuration page describes the configuration file, which "contains metadata necessary to implement standard operations against the container. This includes the process to run, environment variables to inject, sandboxing features to use, etc." Linux-specific documentation is available on the Linux Container Configuration page.


The OCI Image Format Specification "defines an OCI Image, consisting of a manifest, an image index (optional), a set of filesystem layers, and a configuration. The goal of this specification is to enable the creation of interoperable tools for building, transporting, and preparing a container image to run." Sections of interest include:

The OCI Content Descriptors page describes how components in an image reference each other.

The OCI Image Manifest Specification page describes how the set of layers for a single container image is configured for a specific architecture and OS.

The Image Layer Filesystem Changeset page describes how layers serialize a filesystem and changes to it (addition/deletion/modification of files).

The OCI Image Configuration page describes the overall configuration and format of an image.



The runc utility is a command-line tool that automates much of the initialization of a container (establishing namespaces, cgroups, etc.) on Linux. It is used by Docker's containerd process to launch containers from image specifications.

The complete runc codebase is available as a GitHub repository, and is written primarily in Go.

OCI's specification for runc can be found in the README file of the repository.