diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
index f4c5c7b33d..237fcc5c6a 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
@@ -1,4 +1,2 @@
-DIST containerd-1.7.1.tar.gz 9682254 BLAKE2B f168070caf2b76f0be350a98f41bfdbfe6d78344d68821fb92a29f839a6e847d795e5b79436e36f985aa88028ff1c3f44f134cf6bd502ddac22453a457bd952b SHA512 e9b00ba8f4dd1b5b1088060d3822f684611d43b367ddfeb1bee1660140af85f31e9c9bfc600a67e8fc8645a625dc4e1919d9af7291bdeaa607bff7065a4fc945
-DIST containerd-1.7.2.tar.gz 9688701 BLAKE2B d31cd0e96bb2675390cc63d06114e37d532b7c666b3ffc5b0087dfcef8de23559471f08bf8a52b164c5f645faf1b8102ab2ccdd8ec417a1c74336097f0c3a899 SHA512 c0d4c02991b7e9fc341c4ef3df2d93097f5854a51b99596ed95436a79f7a586820bb8bb7c17fc43b5f38d97ea942e59490fbbf6c9710391ef9caae3d34627bc5
-DIST containerd-1.7.23.tar.gz 10192816 BLAKE2B 592e3a1992a637879f1669a660991f811db6f3d11a788c9809277b3fb9639d8b89445cbbca1de16ed45703e8506c8850d9ce68b64d1213817732d008a1847ea6 SHA512 4cb003a6ef2f9fe856665c3b7099e13b23cf07c77ed9a9ed50988d74de1933e3fe9463ae123635230f25cde38cd8a487133b11e20d829a79517c4d7fbe2ce012
-DIST containerd-1.7.6.tar.gz 9714550 BLAKE2B 863df1a8ab0f0fe6ec62893ed64824763c1b5230fe830fa268820ce0d6254c79e1ac62ab1261a74785b86b01dff83ea9109a899857fa47a48f2cf2eaf298fea8 SHA512 8b7e13c6ea544754ba7d53092d143f3fd2224b9bc874a33d8a00b781e719927f1b22ad5cd1e35b7b95e4890e630f4b92308549a970587ccdf9dbb8eb470e2703
+DIST containerd-2.0.1.tar.gz 10423945 BLAKE2B 7f77678557bf649c71475d3ff08a57579b8959ef19a5f8fc1c27b8e8eacea01572d44d3f6dff1f53b72c1b7cf153413a5152391a78b0d5bd624a4c5267381144 SHA512 7875eee0fb274545acb4d62f5bca808105580177db6007e59164fd57830ea3e8ab646b8e227027016bf8dd4816341d38a620bfef48bb0fd83de006b1a91826b7
+DIST containerd-2.0.2.tar.gz 10379986 BLAKE2B aee39f749f056965b899f6525bebe00d46b72b6c437efbd01ed890c5ae9c5d812464bc6d10e32aea20fd0c6df00d98cd30502dd73f9a27b0d8d143a5542976d9 SHA512 86eb24acfa5d4d87ae396f8888e2484693823fad897a29f1a5ada78e2318640927cfcff1e85415bfd6c66f5417e582203eb94976d52e3dd373997e6e2cbae354
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.23.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.23.ebuild
deleted file mode 100644
index 0ad8bec307..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.23.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 2022-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-inherit go-module systemd
-GIT_REVISION=9b2ad7760328148397346d10c7b2004271249db4
-
-DESCRIPTION="A daemon to control runC"
-HOMEPAGE="https://containerd.io/"
-SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
-IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
-
-DEPEND="
-	btrfs? ( sys-fs/btrfs-progs )
-	seccomp? ( sys-libs/libseccomp )
-"
-
-# recommended version of runc is found in script/setup/runc-version
-RDEPEND="
-	${DEPEND}
-	~app-containers/runc-1.1.14[apparmor?,seccomp?]
-"
-
-BDEPEND="
-	dev-go/go-md2man
-	virtual/pkgconfig
-"
-
-# tests require root or docker
-RESTRICT+="test"
-
-src_prepare() {
-	default
-	sed -i \
-		-e "s/-s -w//" \
-		-e "s/-mod=readonly//" \
-		Makefile || die
-	sed -i \
-		-e "s:/usr/local:/usr:" \
-		containerd.service || die
-}
-
-src_compile() {
-	local options=(
-		$(usev apparmor)
-		$(usex btrfs "" "no_btrfs")
-		$(usex cri "" "no_cri")
-		$(usex device-mapper "" "no_devmapper")
-		$(usev seccomp)
-		$(usev selinux)
-	)
-
-	myemakeargs=(
-		BUILDTAGS="${options[*]}"
-		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')"
-		REVISION="${GIT_REVISION}"
-		VERSION=v${PV}
-	)
-
-	# race condition in man target https://bugs.gentoo.org/765100
-	# we need to explicitly specify GOFLAGS for "go run" to use vendor source
-	emake "${myemakeargs[@]}" man -j1 #nowarn
-	emake "${myemakeargs[@]}" all
-
-}
-
-src_install() {
-	rm "${D}"/bin/gen-manpages
-	dobin bin/*
-	doman man/*
-	newconfd "${FILESDIR}"/${PN}.confd "${PN}"
-	newinitd "${FILESDIR}"/${PN}.initd "${PN}"
-	systemd_dounit containerd.service
-	keepdir /var/lib/containerd
-
-	# we already installed manpages, remove markdown source
-	# before installing docs directory
-	rm -r docs/man || die
-
-	local DOCS=( ADOPTERS.md README.md RELEASES.md ROADMAP.md SCOPE.md docs/. )
-	einstalldocs
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.6.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.6.ebuild
deleted file mode 100644
index 8ce5ddd813..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.6.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 2022-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-inherit go-module systemd
-GIT_REVISION=091922f03c2762540fd057fba91260237ff86acb
-
-DESCRIPTION="A daemon to control runC"
-HOMEPAGE="https://containerd.io/"
-SRC_URI="https://github.com/containerd/containerd/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
-IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
-
-DEPEND="
-	btrfs? ( sys-fs/btrfs-progs )
-	seccomp? ( sys-libs/libseccomp )
-"
-
-# recommended version of runc is found in script/setup/runc-version
-RDEPEND="
-	${DEPEND}
-	~app-containers/runc-1.1.9[apparmor?,seccomp?]
-"
-
-BDEPEND="
-	dev-go/go-md2man
-	virtual/pkgconfig
-"
-
-# tests require root or docker
-RESTRICT+="test"
-
-src_prepare() {
-	default
-	sed -i \
-		-e "s/-s -w//" \
-		-e "s/-mod=readonly//" \
-		Makefile || die
-	sed -i \
-		-e "s:/usr/local:/usr:" \
-		containerd.service || die
-}
-
-src_compile() {
-	local options=(
-		$(usev apparmor)
-		$(usex btrfs "" "no_btrfs")
-		$(usex cri "" "no_cri")
-		$(usex device-mapper "" "no_devmapper")
-		$(usev seccomp)
-		$(usev selinux)
-	)
-
-	myemakeargs=(
-		BUILDTAGS="${options[*]}"
-		LDFLAGS="$(usex hardened '-extldflags -fno-PIC' '')"
-		REVISION="${GIT_REVISION}"
-		VERSION=v${PV}
-	)
-
-	# race condition in man target https://bugs.gentoo.org/765100
-	# we need to explicitly specify GOFLAGS for "go run" to use vendor source
-	emake "${myemakeargs[@]}" man -j1 #nowarn
-	emake "${myemakeargs[@]}" all
-
-}
-
-src_install() {
-	rm "${D}"/bin/gen-manpages
-	dobin bin/*
-	doman man/*
-	newconfd "${FILESDIR}"/${PN}.confd "${PN}"
-	newinitd "${FILESDIR}"/${PN}.initd "${PN}"
-	systemd_dounit containerd.service
-	keepdir /var/lib/containerd
-
-	# we already installed manpages, remove markdown source
-	# before installing docs directory
-	rm -r docs/man || die
-
-	local DOCS=( ADOPTERS.md README.md RELEASES.md ROADMAP.md SCOPE.md docs/. )
-	einstalldocs
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.0.1.ebuild
similarity index 85%
rename from sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.1-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.0.1.ebuild
index cc7ea05162..82e4dbe7a8 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.1-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.0.1.ebuild
@@ -1,9 +1,9 @@
-# Copyright 2022-2023 Gentoo Authors
+# Copyright 2022-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 inherit go-module systemd
-GIT_REVISION=2806fc1057397dbaeefbea0e4e17bddfbd388f38
+GIT_REVISION=88aa2f531d6c2922003cc7929e51daf1c14caa0a
 
 DESCRIPTION="A daemon to control runC"
 HOMEPAGE="https://containerd.io/"
@@ -14,15 +14,19 @@ SLOT="0"
 KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
 IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
 
-DEPEND="
+COMMON_DEPEND="
 	btrfs? ( sys-fs/btrfs-progs )
 	seccomp? ( sys-libs/libseccomp )
 "
 
-# recommended version of runc is found in script/setup/runc-version
+DEPEND="
+${COMMON_DEPEND}
+"
+
+# recommended minimum version of runc is found in script/setup/runc-version
 RDEPEND="
-	${DEPEND}
-	~app-containers/runc-1.1.7[apparmor?,seccomp?]
+	${COMMON_DEPEND}
+	>=app-containers/runc-1.2.1[apparmor?,seccomp?]
 "
 
 BDEPEND="
@@ -69,7 +73,7 @@ src_compile() {
 }
 
 src_install() {
-	rm "${D}"/bin/gen-manpages
+	rm bin/gen-manpages || die
 	dobin bin/*
 	doman man/*
 	newconfd "${FILESDIR}"/${PN}.confd "${PN}"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.0.2.ebuild
similarity index 85%
rename from sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.0.2.ebuild
index 498fb8d90a..37fb931e51 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-2.0.2.ebuild
@@ -1,9 +1,9 @@
-# Copyright 2022-2023 Gentoo Authors
+# Copyright 2022-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 inherit go-module systemd
-GIT_REVISION=0cae528dd6cb557f7201036e9f43420650207b58
+GIT_REVISION=c507a0257ea6462fbd6f5ba4f5c74facb04021f4
 
 DESCRIPTION="A daemon to control runC"
 HOMEPAGE="https://containerd.io/"
@@ -14,15 +14,19 @@ SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
 IUSE="apparmor btrfs device-mapper +cri hardened +seccomp selinux test"
 
-DEPEND="
+COMMON_DEPEND="
 	btrfs? ( sys-fs/btrfs-progs )
 	seccomp? ( sys-libs/libseccomp )
 "
 
-# recommended version of runc is found in script/setup/runc-version
+DEPEND="
+${COMMON_DEPEND}
+"
+
+# recommended minimum version of runc is found in script/setup/runc-version
 RDEPEND="
-	${DEPEND}
-	~app-containers/runc-1.1.7[apparmor?,seccomp?]
+	${COMMON_DEPEND}
+	>=app-containers/runc-1.2.4[apparmor?,seccomp?]
 "
 
 BDEPEND="
@@ -69,7 +73,7 @@ src_compile() {
 }
 
 src_install() {
-	rm "${D}"/bin/gen-manpages
+	rm bin/gen-manpages || die
 	dobin bin/*
 	doman man/*
 	newconfd "${FILESDIR}"/${PN}.confd "${PN}"
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml
index 5d63e8606e..4ee50fa856 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/metadata.xml
@@ -12,10 +12,6 @@
 		<email>williamh@gentoo.org</email>
 		<name>William Hubbs</name>
 	</maintainer>
-	<maintainer type="person">
-		<email>gyakovlev@gentoo.org</email>
-		<name>Georgy Yakovlev</name>
-	</maintainer>
 	<use>
 	<flag name="btrfs">Support for BTRFS snapshot driver</flag>
 	<flag name="cri">Support for Kubernetes CRI</flag>