DEV Community: Santhosh The latest articles on DEV Community by Santhosh (@santhosh_jack). https://dev.to/santhosh_jack https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3941040%2Fc6e6e4d1-dc72-4fd7-a99e-da0d165ea513.jpeg DEV Community: Santhosh https://dev.to/santhosh_jack en I Built My Own Container Runtime from Scratch Using Only Linux (No Docker, No containerd, No LXC) Santhosh Mon, 01 Jun 2026 07:49:28 +0000 https://dev.to/santhosh_jack/i-built-my-own-container-runtime-from-scratch-using-only-linux-no-docker-no-containerd-no-lxc-3l17 https://dev.to/santhosh_jack/i-built-my-own-container-runtime-from-scratch-using-only-linux-no-docker-no-containerd-no-lxc-3l17 <p>I’ve been using Docker for a while, but at some point I realized I didn’t actually understand what it was doing under the hood.<br> How does a process suddenly get its own filesystem, its own network, its own environment?</p> <p>So instead of reading more blogs, I decided to build it myself.<br> No Docker. No containerd. No LXC.<br> Just namespaces, cgroups, networking, and filesystem isolation.</p> <p>That’s how I ended up building <strong>LXR (Linux Container Runtime)</strong> written in Go, using only Linux primitives.</p> <p><strong>The idea</strong></p> <p>Build containers from scratch and make them usable for real development.</p> <p>LXR not only creates containers, but also lets you work inside them directly from the browser or terminal, while the runtime handles everything underneath.</p> <p>So LXR can:</p> <ol> <li>pull images from Docker Hub</li> <li>extract rootfs</li> <li>create isolated containers</li> <li>configure networking (veth + bridge + IP allocation)</li> <li>provide shell access via lxr exec</li> <li>run code-server inside containers for browser access</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7rfcrcx4lng07pwzxha6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7rfcrcx4lng07pwzxha6.png" alt=" "></a></p> <p><strong>Using it</strong></p> <p>From the outside, it looks simple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>lxr create <span class="nt">--name</span> goCon golang </code></pre> </div> <p><strong>But internally</strong>, this triggers a full setup.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F57w84wfg04r9m64g74rb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F57w84wfg04r9m64g74rb.png" alt=" "></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F592x9wf8s9yc59vl9hbb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F592x9wf8s9yc59vl9hbb.png" alt=" "></a></p> <p><strong>What actually happens:</strong></p> <ol> <li>image layers are pulled</li> <li>dependencies are installed into the image rootfs</li> <li>root filesystem is prepared</li> <li>overlay filesystem is created</li> <li>networking is configured</li> <li>IP is allocated</li> <li>container process is started</li> <li>code-server is launched</li> </ol> <p>All of this... just to start one container.</p> <p><strong>Result</strong></p> <p>Once containers are running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>lxr ps </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1cvdbqh0iqdb6aoxms69.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1cvdbqh0iqdb6aoxms69.png" alt=" "></a></p> <p>Each container has:</p> <ol> <li>its own PID</li> <li>its own IP</li> <li>its own network namespace</li> <li>its own filesystem (OverlayFS)</li> </ol> <p>At this point, LXR behaves as an real container runtime.</p> <p><strong>The first problem</strong></p> <p>The first issue wasn’t networking or filesystem.<br> It was just starting a process.</p> <p>I tried running containers as a non-root user, but it didn’t work the way I expected.Processes failed to start or behaved inconsistently due to restrictions.</p> <p>This turned out to be related to how Linux handles namespaces and permissions.</p> <p>I’ll cover that part in the upcoming post.</p> linux containers webdev