
Technology Guide

urunc

License: Apache-2.0


urunc is an OCI-compliant container runtime for unikernels. Where runc spawns a Linux process in namespaces and cgroups, urunc takes the same OCI bundle and instead boots the contained unikernel image on top of a virtual machine monitor or sandbox (QEMU, Firecracker, Solo5, and others).

The point is to let unikernels participate in the existing container ecosystem. A unikernel image is packaged into a standard OCI artifact, stored in any registry, and scheduled by containerd, CRI-O, or Kubernetes just like a normal container. urunc reads the OCI spec, picks the appropriate VMM based on annotations, and launches the unikernel with the right devices and network plumbing. This gives workloads hardware-level isolation and very small attack surfaces without forcing operators to adopt an entirely separate orchestration stack.

urunc is a CNCF sandbox project, developed by Nubificus, and is primarily useful for edge, multi-tenant, and security-sensitive scenarios where unikernel boot times and footprint matter.

CNCF Project

Cloud Native Computing Foundation

Accepted: 2025-05-22
