Description
Manages OCI-compatible containers at the low-level runtime layer used beneath higher-level container tools. It is useful for container runtimes, orchestration systems, and administrators who need direct runtime control.
Container runtimes cross a major security boundary. Review namespaces, capabilities, mounts, seccomp, user IDs, and untrusted images before running containers.