diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
new file mode 100644
index 0000000000..c2a0b028b1
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
@@ -0,0 +1 @@
+DIST containerd-2.1.4.tar.gz 10614131 BLAKE2B b8f4007b4bb368a1fa04c913d606f65d2ea4a17a6419ce12f2b6112eee2574d7a09fb8e2500d1c2f21bef8792dc047df4d63446211ae006662e616facda91f24 SHA512 a9f84784e917621ee5ea38ad20b8106e642fbf463a00d319b73a1a8e4d1fdd5be2fba0789b6a5d31107ef239d3713eced99ce979d4b2764714271a63c0936c15
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.1.4.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.1.4.ebuild
new file mode 100644
index 0000000000..c697a6ff2b
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.1.4.ebuild
@@ -0,0 +1,95 @@
+# Copyright 2022-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit go-env go-module systemd toolchain-funcs
+GIT_REVISION=cb1076646aa3740577fafbf3d914198b7fe8e3f7
+
+DESCRIPTION="A daemon to control runC"
+HOMEPAGE="https://containerd.io/"
+SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
+
+COMMON_DEPEND="
+	btrfs? ( sys-fs/btrfs-progs )
+	seccomp? ( sys-libs/libseccomp )
+"
+
+DEPEND="
+${COMMON_DEPEND}
+"
+
+# recommended minimum version of runc is found in script/setup/runc-version
+RDEPEND="
+	${COMMON_DEPEND}
+	>=app-containers/runc-1.3.0[apparmor?,seccomp?]
+"
+
+BDEPEND="
+	dev-go/go-md2man
+	virtual/pkgconfig
+"
+
+# tests require root or docker
+RESTRICT+="test"
+
+src_prepare() {
+	default
+	sed -i \
+		-e "s/-s -w//" \
+		-e "s/-mod=readonly//" \
+		Makefile || die
+	sed -i \
+		-e "s:/usr/local:/usr:" \
+		containerd.service || die
+}
+
+src_compile() {
+	local options=(
+		$(usev apparmor)
+		$(usex btrfs "" "no_btrfs")
+		$(usex cri "" "no_cri")
+		$(usex device-mapper "" "no_devmapper")
+		$(usev seccomp)
+		$(usev selinux)
+	)
+
+	myemakeargs=(
+		BUILDTAGS="${options[*]}"
+		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')"
+		REVISION="${GIT_REVISION}"
+		VERSION=v${PV}
+	)
+
+	# The Go env is already set, but reset it for CBUILD in a subshell to allow
+	# building the man pages when cross-compiling.
+	(
+		CHOST="${CBUILD}" go-env_set_compile_environment
+		# race condition in man target https://bugs.gentoo.org/765100
+		tc-env_build emake "${myemakeargs[@]}" man -j1 #nowarn
+	)
+
+	emake "${myemakeargs[@]}" all
+
+}
+
+src_install() {
+	rm bin/gen-manpages || die
+	dobin bin/*
+	doman man/*
+	newconfd "${FILESDIR}"/${PN}.confd "${PN}"
+	newinitd "${FILESDIR}"/${PN}.initd "${PN}"
+	systemd_dounit containerd.service
+	keepdir /var/lib/containerd
+
+	# we already installed manpages, remove markdown source
+	# before installing docs directory
+	rm -r docs/man || die
+
+	local DOCS=( ADOPTERS.md README.md RELEASES.md ROADMAP.md SCOPE.md docs/. )
+	einstalldocs
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.confd b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.confd
new file mode 100644
index 0000000000..22ef83205e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.confd
@@ -0,0 +1,3 @@
+# This is the delay to be used in the start_post function to wait for
+# the socket to be active.
+#containerd_socket_delay=5
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.initd b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.initd
new file mode 100644
index 0000000000..143305c033
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/files/containerd.initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Containerd container runtime"
+command="/usr/bin/containerd"
+command_args="${command_args:-}"
+command_background="true"
+pidfile="${pidfile:-/run/${RC_SVCNAME}.pid}"
+start_stop_daemon_args="--stderr /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log --stdout /var/log/${RC_SVCNAME}/${RC_SVCNAME}.log"
+
+start_pre() {
+	checkpath -m 0750 -d "/var/log/${RC_SVCNAME}"
+
+	ulimit -n 1048576
+
+	# Having non-zero limits causes performance problems due to accounting overhead
+	# in the kernel. We recommend using cgroups to do container-local accounting.
+	ulimit -u unlimited
+
+	return 0
+}
+
+start_post() {
+	ewaitfile ${containerd_socket_delay:-5} /run/containerd/containerd.sock
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml
new file mode 100644
index 0000000000..4ee50fa856
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<longdescription>
+		Containerd is a daemon with an API and a command line client, to manage
+		containers on one machine. It uses runC to run containers according to
+		the OCI specification. Containerd has advanced features such as seccomp
+		and user namespace support as well as checkpoint and restore for cloning
+		and live migration of containers.
+	</longdescription>
+	<maintainer type="person">
+		<email>williamh@gentoo.org</email>
+		<name>William Hubbs</name>
+	</maintainer>
+	<use>
+	<flag name="btrfs">Support for BTRFS snapshot driver</flag>
+	<flag name="cri">Support for Kubernetes CRI</flag>
+	<flag name="device-mapper">Support for device mapper snapshot driver</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">containerd/containerd</remote-id>
+		<remote-id type="cpe">cpe:/a:linuxfoundation:containerd</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 7cb022bab6..978d0da382 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -122,3 +122,5 @@ sys-apps/azure-vm-utils
 
 # erofs
 =sys-fs/erofs-utils-1.8.10 ~amd64 ~arm64
+=app-containers/containerd-2.1* ~amd64 ~arm64
+=app-containers/runc-1.3* ~amd64 ~arm64