Essentially, it is init process inside container. In runc, init process eventually executes the entrypoint of container defined in config.json. In rune, init process never call execve() syscall. Instead, it serves for the communications between Enclave Runtime PAL and the host side through Enclave Runtime PAL API.
init-runelet is created by rune create, and runelet process on behalf of enclave application is created by rune exec.
This API defines the function calls between Enclave Runtime PAL and init-runelet.
The implementer of Enclave Runtime PAL API, on behalf of Enclave Runtime.
The implementer of enclave. Occlum, Graphene-SGX and WAMR (WebAssembly Micro Runtime) are all the so-called Enclave Runtime.
The actual running entity inside Enclave Runtime.
A new class of container managed by OCI Runtime rune.