It replaces `runc` which is used by most non-docker container runtimes to actually start the container. Thus the punny name.

When using kubernetes, the hierarchy is as follows:

  1. kubernetes master tells kubelet what to do (sort of, not important here)
  2. kubelet uses CRI-compatible runtime to start containers
  3. containerd or CRI-O handle management of containers and start them using runc or crun
  4. runc/crun are the applications that setup the final environment of application to run in container, using resources (mounts, devices, etc) provided to them by upper layers. They also handle things like sending stdout/stderr to logs, or setting up a pseudoterminal to talk to a program in container, etc.