Home Explore Blog CI



docker
3rd chunk of `content/manuals/engine/daemon/alternative-runtimes.md`
bcf4eee56ed8ac3be1e157922201c6b289da75be2ce5bf500000000100000c7b
making it a good choice for resource-constrained environments.

youki functions as a drop-in replacement for runc, meaning it relies on the
runc shim to invoke the runtime binary. When you register runtimes acting as
runc replacements, you configure the path to the runtime executable, and
optionally a set of runtime arguments. For more information, see
[Configure runc drop-in replacements](/reference/cli/dockerd.md#configure-runc-drop-in-replacements).

To add youki as a container runtime:

1. Install youki and its dependencies.

   For instructions, refer to the
   [official setup guide](https://youki-dev.github.io/youki/user/basic_setup.html).

2. Register youki as a runtime for Docker by editing the Docker daemon
   configuration file, located at `/etc/docker/daemon.json` by default.

   The `path` key should specify the path to wherever you installed youki.

   ```console
   # cat > /etc/docker/daemon.json <<EOF
   {
     "runtimes": {
       "youki": {
         "path": "/usr/local/bin/youki"
       }
     }
   }
   EOF
   ```

3. Reload the daemon's configuration.

   ```console
   # systemctl reload docker
   ```

Now you can run containers that use youki as a runtime.

```console
$ docker run --rm --runtime youki hello-world
```

### Wasmtime

{{< summary-bar feature_name="Wasmtime" >}}

Wasmtime is a
[Bytecode Alliance](https://bytecodealliance.org/)
project, and a Wasm runtime that lets you run Wasm containers.
Running Wasm containers with Docker provides two layers of security.
You get all the benefits from container isolation,
plus the added sandboxing provided by the Wasm runtime environment.

To add Wasmtime as a container runtime, follow these steps:

1. Turn on the [containerd image store](/manuals/engine/storage/containerd.md)
   feature in the daemon configuration file.

   ```json
   {
     "features": {
       "containerd-snapshotter": true
     }
   }
   ```

2. Restart the Docker daemon.

   ```console
   # systemctl restart docker
   ```

3. Install the Wasmtime containerd shim on `PATH`.

   The following command Dockerfile builds the Wasmtime binary from source
   and exports it to `./containerd-shim-wasmtime-v1`.

   ```console
   $ docker build --output . - <<EOF
   FROM rust:latest as build
   RUN cargo install \
       --git https://github.com/containerd/runwasi.git \
       --bin containerd-shim-wasmtime-v1 \
       --root /out \
       containerd-shim-wasmtime
   FROM scratch
   COPY --from=build /out/bin /
   EOF
   ```

   Put the binary in a directory on `PATH`.

   ```console
   $ mv ./containerd-shim-wasmtime-v1 /usr/local/bin
   ```

Now you can run containers that use Wasmtime as a runtime.

```console
$ docker run --rm \
 --runtime io.containerd.wasmtime.v1 \
 --platform wasi/wasm32 \
 michaelirwin244/wasm-example
```

## Related information

- To learn more about the configuration options for container runtimes,
  see [Configure container runtimes](/reference/cli/dockerd.md#configure-container-runtimes).
- You can configure which runtime that the daemon should use as its default.
  Refer to [Configure the default container runtime](/reference/cli/dockerd.md#configure-the-default-container-runtime).
Title: Configuring and Using Wasmtime as an Alternative Container Runtime
Summary
This section continues demonstrating alternative container runtimes, focusing on Wasmtime, a Wasm runtime that enables running Wasm containers, thus adding an additional layer of security through sandboxing. To configure Wasmtime, the containerd image store must be enabled in the daemon configuration file, and the Docker daemon restarted. It also requires installing the Wasmtime containerd shim on the system's PATH. This is done by building the Wasmtime binary from source using a Dockerfile and moving it to a directory on the PATH. Once configured, containers can be run using Wasmtime as the runtime, specifying the appropriate runtime flag and platform.