Design a container runtime using Linux namespaces, cgroups v2, pivot_root, and seccomp — implementing the OCI runtime spec to run isolated workloads on a single host.
## Problem
Design a low-level container runtime that can take an OCI-compliant container image and run it as an isolated process on a Linux host. Your runtime should provide the same fundamental isolation primitives that Docker and containerd rely on — Linux namespaces for visibility isolation, cgroups for resource limits, and security mechanisms to prevent container escape.
Junior · Conceptual