Youki is a low-level container runtime written in Rust that implements the OCI Runtime Specification. Simply put, youki is a command-line tool that can create containers. Other runtimes in the same category you might have heard about are runc and crun. When you create a container using Docker or Podman, the actual container creation is delegated to a tool like youki.
Why another container runtime?
Currently many container tools are implemented in Go, which requires special handling when it comes to implementing a container runtime. Runc, for example, embeds a C program into its executable that handles setting up the namespaces, as this is not possible in Go due to the multithreaded nature of the Go runtime.
On the other hand, C could be used as an implementation language, but this comes at the cost of memory safety, and in addition C lacks the high-level language constructs that we have come to expect from a modern language.
Therefore, while Go and C are perfectly fine languages, for this particular use case we believe that Rust, with its cross section of low-level control, memory safety and high-level abstractions, is uniquely suited for implementing a container runtime.
Youki has the potential to be faster and use less memory than runc, and therefore work in environments with tight memory usage requirements. Here is a simple benchmark of a container from creation to deletion. As with all benchmarks, this might not be representative of your own workloads.
Time (mean ± σ)        Range (min … max)
198.4 ms ± 52.1 ms     97.2 ms … 296.1 ms
352.3 ms ± 53.3 ms     248.3 ms … 772.2 ms
153.5 ms ± 21.6 ms     80.9 ms … 196.6 ms
Details about the benchmark
A command used for the benchmark
$ hyperfine --prepare 'sudo sync; echo 3 | sudo tee /proc/sys/vm/drop_caches' --warmup 10 --min-runs 100 'sudo ./youki create -b tutorial a && sudo ./youki start a && sudo ./youki delete -f a'
A container runtime needs to implement many features that users have come to expect but that have not yet been incorporated into the OCI Runtime Specification. Despite this being the first release of youki, many features have already been implemented.
Running via Docker
Running via Podman
Change the root directory
Mount files and directories to container
Isolation of various resources
Limiting root privileges
Resource limitations, etc
Improved version of v1
Support is complete except for devices. WIP on #78
Contribution to the container runtime community
We are trying to provide as many of the crates used to make youki as possible to the community. Currently we provide containers/oci-spec-rs as a crate, separated from youki’s main code. We already have crates for cgroups, container creation, seccomp and oci-cli parsing, which will be released at a later point in time.
Explore
Youki does not provide any support for older kernels. By doing so, it has the potential to use new features such as io_uring, clone3 and WebAssembly.
We have fun implementing this. In fact, this might be the most important part.
🤝 Join youki!
Youki is always looking for people who want to learn about container runtimes in Rust, and for your input.