Sysbox
An open-source, next-generation container runtime (runc).
Works below Docker / Containerd (no need to learn new tools).
Enables containers to run software such as Docker, Kubernetes, and legacy apps, seamlessly & securely.
We call these System Containers.

No need to learn new tools. Use Docker as usual.
Features
Anything-in-Docker
Systemd-in-Docker, Docker-in-Docker, Kubernetes-in-Docker, etc. Plus legacy apps too.
OCI-Based
Use Docker (and soon Kubernetes) to deploy the containers. Sysbox works under the covers. No need to learn new tools.
Secure
Strong isolation via the Linux user namespace, procfs and sysfs virtualization, and more. Removes the need for insecure privileged containers.
Fast & Efficient
Unmatched speed & efficiency: Deploy a 10-node K8s cluster in under 2 minutes and with only 1GB storage overhead!
See here for a full analysis.
Easy
Use simple Docker run commands and container images that you fully control. No need for complex images, host mounts, or custom container entrypoints.
Baked-in Containers
Easily preload container or pod images using a simple Dockerfile or Docker commit.
Run system containers alongside regular containers, without conflict.
Sysbox is Unique ...
It's the only solution to enable deployment of "VM-like" containers using Docker (and soon K8s),
with strong isolation, bare-metal performance, and no VM overhead.

Design Philosophy
Sysbox is designed with a simple principle:
Any software that runs in a VM should run in a container, seamlessly and with strong isolation.
No need for complex Docker commands, images, entrypoints, or insecure containers.