diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index bf93a05d117..a9942f9ccd1 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -9,7 +9,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
| Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome
librabbitmq |
| Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
| Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
-| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
asc
azcopy
azure-iot-sdk-c
azure-nvme-utils
azure-storage-cpp
azurelinux-release
azurelinux-repos
azurelinux-rpm-macros
azurelinux-sysinfo
bazel
blobfuse2
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor-cvm
cmake-fedora
containerd
coredns
dcos-cli
debugedit
dejavu-fonts
distroless-packages
docker-buildx
docker-cli
docker-compose
doxygen
dtc
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
ig
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
kata-packages-uvm
keda
keras
kernel-64k-signed
kernel-signed
kernel-uki
kernel-uki-signed
kpatch
kube-vip-cloud-provider
kubernetes
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
lld
local-path-provisioner
lsb-release
ltp
lttng-consume
mm-common
moby-containerd-cc
moby-engine
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
node-problem-detector
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-libevdev
python-logutils
python-ml-dtypes
python-namex
python-nocasedict
python-omegaconf
python-opt-einsum
python-optree
python-pecan
python-pip
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-setuptools
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-yamlloader
R
rabbitmq-server
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-async
rubygem-async-http
rubygem-async-io
rubygem-async-pool
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-console
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-patron
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-fluent-config-regexp-type
rubygem-fluent-logger
rubygem-fluent-plugin-elasticsearch
rubygem-fluent-plugin-kafka
rubygem-fluent-plugin-prometheus
rubygem-fluent-plugin-prometheus_pushgateway
rubygem-fluent-plugin-record-modifier
rubygem-fluent-plugin-rewrite-tag-filter
rubygem-fluent-plugin-systemd
rubygem-fluent-plugin-webhdfs
rubygem-fluent-plugin-windows-exporter
rubygem-fluentd
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
runc
sdbus-cpp
sgx-backwards-compatibility
shim
skopeo
span-lite
sriov-network-device-plugin
SymCrypt
SymCrypt-OpenSSL
systemd-boot-signed
tensorflow
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
valkey
vnstat
zstd |
+| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
asc
azcopy
azure-iot-sdk-c
azure-nvme-utils
azure-storage-cpp
azurelinux-release
azurelinux-repos
azurelinux-rpm-macros
azurelinux-sysinfo
bazel
blobfuse2
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor-cvm
cmake-fedora
containerd
containerd2
coredns
dcos-cli
debugedit
dejavu-fonts
distroless-packages
docker-buildx
docker-cli
docker-compose
doxygen
dtc
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
ig
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
kata-packages-uvm
keda
keras
kernel-64k-signed
kernel-signed
kernel-uki
kernel-uki-signed
kpatch
kube-vip-cloud-provider
kubernetes
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
lld
local-path-provisioner
lsb-release
ltp
lttng-consume
mm-common
moby-containerd-cc
moby-engine
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
node-problem-detector
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-libevdev
python-logutils
python-ml-dtypes
python-namex
python-nocasedict
python-omegaconf
python-opt-einsum
python-optree
python-pecan
python-pip
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-setuptools
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-yamlloader
R
rabbitmq-server
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-async
rubygem-async-http
rubygem-async-io
rubygem-async-pool
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-console
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-patron
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-fluent-config-regexp-type
rubygem-fluent-logger
rubygem-fluent-plugin-elasticsearch
rubygem-fluent-plugin-kafka
rubygem-fluent-plugin-prometheus
rubygem-fluent-plugin-prometheus_pushgateway
rubygem-fluent-plugin-record-modifier
rubygem-fluent-plugin-rewrite-tag-filter
rubygem-fluent-plugin-systemd
rubygem-fluent-plugin-webhdfs
rubygem-fluent-plugin-windows-exporter
rubygem-fluentd
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
runc
sdbus-cpp
sgx-backwards-compatibility
shim
skopeo
span-lite
sriov-network-device-plugin
SymCrypt
SymCrypt-OpenSSL
systemd-boot-signed
tensorflow
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
valkey
vnstat
zstd |
| Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan |
| Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad |
| NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | libnvidia-container
mlnx-tools
mlx-bootctl
nvidia-container-toolkit
ofed-scripts
perftest |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index 51aec95013e..80f62df89c0 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -2223,6 +2223,7 @@
"cloud-hypervisor-cvm",
"cmake-fedora",
"containerd",
+ "containerd2",
"coredns",
"dcos-cli",
"debugedit",
diff --git a/SPECS/containerd2/containerd.service b/SPECS/containerd2/containerd.service
new file mode 100644
index 00000000000..06b501178b9
--- /dev/null
+++ b/SPECS/containerd2/containerd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target
+
+[Service]
+ExecStartPre=/sbin/modprobe overlay
+ExecStart=/usr/bin/containerd
+Restart=always
+Delegate=yes
+KillMode=process
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/containerd2/containerd.toml b/SPECS/containerd2/containerd.toml
new file mode 100644
index 00000000000..422716a3c33
--- /dev/null
+++ b/SPECS/containerd2/containerd.toml
@@ -0,0 +1,9 @@
+version = 2
+[plugins]
+ [plugins."io.containerd.grpc.v1.cri"]
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ runtime_type = "io.containerd.runc.v2"
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+ SystemdCgroup = true
\ No newline at end of file
diff --git a/SPECS/containerd2/containerd2.signatures.json b/SPECS/containerd2/containerd2.signatures.json
new file mode 100644
index 00000000000..d49f7f913eb
--- /dev/null
+++ b/SPECS/containerd2/containerd2.signatures.json
@@ -0,0 +1,7 @@
+{
+ "Signatures": {
+ "containerd.service": "a07bfcf412669b06673190b0779f48e652c9adcf1758289e849a00802804eec8",
+ "containerd.toml": "5b3821236f09b4c858e0e098bbe1400f4dbbb47d360e39d21c61858b088c2896",
+ "containerd-2.0.0.tar.gz": "346d644e1b96e1f4a39bfe9d1eb0eb01ca676f806c12d95e5dbe35325bbc1780"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/containerd2/containerd2.spec b/SPECS/containerd2/containerd2.spec
new file mode 100644
index 00000000000..79013cc94f4
--- /dev/null
+++ b/SPECS/containerd2/containerd2.spec
@@ -0,0 +1,85 @@
+%global debug_package %{nil}
+%define upstream_name containerd
+%define commit_hash 207ad711eabd375a01713109a8a197d197ff6542
+
+Summary: Industry-standard container runtime
+Name: %{upstream_name}2
+Version: 2.0.0
+Release: 1%{?dist}
+License: ASL 2.0
+Group: Tools/Container
+URL: https://www.containerd.io
+Vendor: Microsoft Corporation
+Distribution: Azure Linux
+
+Source0: https://github.com/containerd/containerd/archive/v%{version}.tar.gz#/%{upstream_name}-%{version}.tar.gz
+Source1: containerd.service
+Source2: containerd.toml
+
+%{?systemd_requires}
+
+BuildRequires: golang
+BuildRequires: go-md2man
+BuildRequires: make
+BuildRequires: systemd-rpm-macros
+
+Requires: runc >= 1.2.2
+
+%description
+containerd is an industry-standard container runtime with an emphasis on
+simplicity, robustness and portability. It is available as a daemon for Linux
+and Windows, which can manage the complete container lifecycle of its host
+system: image transfer and storage, container execution and supervision,
+low-level storage and network attachments, etc.
+
+containerd is designed to be embedded into a larger system, rather than being
+used directly by developers or end-users.
+
+%prep
+%autosetup -p1 -n %{upstream_name}-%{version}
+
+%build
+export BUILDTAGS="-mod=vendor"
+make VERSION="%{version}" REVISION="%{commit_hash}" binaries man
+
+%check
+export BUILDTAGS="-mod=vendor"
+make VERSION="%{version}" REVISION="%{commit_hash}" test
+
+%install
+make VERSION="%{version}" REVISION="%{commit_hash}" DESTDIR="%{buildroot}" PREFIX="/usr" install install-man
+
+mkdir -p %{buildroot}/%{_unitdir}
+install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/containerd.service
+install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/containerd/config.toml
+install -vdm 755 %{buildroot}/opt/containerd/{bin,lib}
+
+%post
+%systemd_post containerd.service
+
+if [ $1 -eq 1 ]; then # Package install
+ systemctl enable containerd.service > /dev/null 2>&1 || :
+ systemctl start containerd.service > /dev/null 2>&1 || :
+fi
+
+%preun
+%systemd_preun containerd.service
+
+%postun
+%systemd_postun_with_restart containerd.service
+
+%files
+%license LICENSE NOTICE
+%{_bindir}/*
+%{_mandir}/*
+%config(noreplace) %{_unitdir}/containerd.service
+%config(noreplace) %{_sysconfdir}/containerd/config.toml
+%dir /opt/containerd
+%dir /opt/containerd/bin
+%dir /opt/containerd/lib
+
+%changelog
+* Wed Dec 11 2024 Nan Liu - 2.0.0-1
+- Created a standalone package for containerd 2.0.0
+- Initial CBL-Mariner import from Azure
+- Initial version and License verified
\ No newline at end of file
diff --git a/cgmanifest.json b/cgmanifest.json
index 66a68e721c3..56265e4a96e 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -2022,6 +2022,16 @@
}
}
},
+ {
+ "component": {
+ "type": "other",
+ "other": {
+ "name": "containerd2",
+ "version": "2.0.0",
+ "downloadUrl": "https://github.com/containerd/containerd/archive/v2.0.0.tar.gz"
+ }
+ }
+ },
{
"component": {
"type": "other",