While most of the tools used in the Linux containers ecosystem are written in Go, crun authors believe C is a better fit for a lower level tool like a container runtime. runc; the most used implementation of the OCI runtime specs written in Go, re-execs itself and use a module written in C for setting up the environment before the container process starts. crun aims to be also usable as a library that can be easily included in programs without requiring an external process for managing OCI containers. https://github.com/containers/crun/releases containers/crun Enable in Kernel, eBPF (enhanced Berkley Packet Filter) support for managing device controllers.