Difference between revisions of "GVisor"
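--- a/GVisor
+++ b/GVisor
@@ -26,6 +26,44 @@
 bazel build runsc
 </pre>
+
+Complete /etc/docker/daemon.json
+<pre>
+sudo vi /etc/docker/daemon.json
+
+{
+"runtimes": {
+"runsc": {
+"path": "/usr/local/bin/runsc"
+}
+}
+}
+
+sudo systemctl restart docker
+</pre>
+
 Test
 <pre>
 docker run --runtime=runsc hello-world
+docker run --runtime=runsc -it ubuntu /bin/bash
+</pre>
+
+
+For debugging, Complete /etc/docker/daemon.json
+<pre>
+sudo vi /etc/docker/daemon.json
+
+{
+"runtimes": {
+"runsc": {
+"path": "/usr/local/bin/runsc",
+"runtimeArgs": [
+"--debug-log-dir=/tmp/runsc",
+"--debug",
+"--strace"
+]
+}
+}
+}
+
+sudo systemctl restart docker
 </pre>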
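Review bot: Both daemon.json snippets point Docker at `/usr/local/bin/runsc`, but nothing in this revision installs the binary there — the build section above ends at `bazel build runsc` — so `docker run --runtime=runsc hello-world` fails until the built runsc is copied into place; an install step such as `sudo install -m 0755 <bazel-output-path>/runsc /usr/local/bin/runsc` belongs between the build and this section. The debugging block turns on `--strace`, which records every syscall of the sandboxed workload together with its arguments, and writes it under `/tmp/runsc`, which other local users may be able to read depending on how the directory gets created; preceding the restart with `sudo install -d -m 0700 /tmp/runsc` and stating that the debug configuration should be reverted once troubleshooting is done would close that gap. Each snippet is also a complete file rather than a fragment, so a sentence that existing daemon.json settings must be merged rather than overwritten would help readers who already have one.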
Latest revision as of 15:11, 11 May 2018
gVisor: a new kind of sandbox that helps provide secure isolation for containers
https://github.com/google/gvisor
https://cloudplatform.googleblog.com/2018/05/Open-sourcing-gVisor-a-sandboxed-container-runtime.html
Installation
Install Bazel
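#!/usr/bin/env bash
# Install Bazel (needed to build runsc) from the Bazel apt repository.
# The gVisor checkout itself happens in the build step that follows; cloning it
# here as well would make the later clone fail because the directory exists.
set -euo pipefail

sudo apt-get install openjdk-8-jdk
echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" \
  | sudo tee /etc/apt/sources.list.d/bazel.list
# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; -sS stays quiet but still reports failures; pipefail then aborts.
# (apt-key is deprecated on current Debian/Ubuntu releases, which prefer a
# keyring file referenced from the sources entry; kept here as on the page.)
curl -fsSL https://bazel.build/bazel-release.pub.gpg | sudo apt-key add -
sudo apt-get update && sudo apt-get install bazel
bazel help
bazel version
sudo apt-get update && sudo apt-get upgrade bazel
bazel version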
Install gVisor
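#!/usr/bin/env bash
# Build the runsc runtime from source.
set -euo pipefail

# Skip the clone if the Bazel install step already checked the tree out.
[[ -d gvisor ]] || git clone https://gvisor.googlesource.com/gvisor gvisor
cd gvisor || exit 1
bazel build runsc
# NOTE: the Docker configuration on this page expects the runtime at
# /usr/local/bin/runsc; copy the build output (bazel prints its location)
# there, e.g. `sudo install -m 0755 <bazel-output-path>/runsc /usr/local/bin/runsc`,
# before restarting Docker.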
Configure /etc/docker/daemon.json
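#!/usr/bin/env bash
# Register runsc as a Docker runtime.
# The listing on the page interleaves an interactive editor with the file
# content, so it cannot be run as shown; writing the file with a quoted
# here-doc produces the same daemon.json non-interactively.
# This writes the WHOLE file: if /etc/docker/daemon.json already holds other
# settings, merge the "runtimes" key into it instead of running this.
set -euo pipefail

sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
  "runtimes": {
    "runsc": {
      "path": "/usr/local/bin/runsc"
    }
  }
}
EOF
# Docker reads daemon.json only at startup.
sudo systemctl restart docker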
Test
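#!/usr/bin/env bash
# Smoke-test the runsc runtime.
set -euo pipefail

# --rm removes the exited test container so repeated runs do not pile up.
docker run --rm --runtime=runsc hello-world
# Interactive shell inside a sandboxed container; leave with `exit` or Ctrl-D.
docker run --rm --runtime=runsc -it ubuntu /bin/bash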
For debugging, configure /etc/docker/daemon.json as follows:
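#!/usr/bin/env bash
# Debug configuration for runsc: --debug writes the runtime's debug log and
# --strace records every syscall of the sandboxed workload, with arguments,
# under /tmp/runsc. Such traces can contain data handled by the container,
# so keep the directory private and switch back to the non-debug daemon.json
# once troubleshooting is finished.
# As above, this writes the whole file; merge into an existing daemon.json
# rather than overwriting it.
set -euo pipefail

# Create the log directory owner-only before the Docker daemon (root) starts
# runsc; if runsc would create it itself, pre-creating it only tightens the mode.
sudo install -d -m 0700 /tmp/runsc

sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
  "runtimes": {
    "runsc": {
      "path": "/usr/local/bin/runsc",
      "runtimeArgs": [
        "--debug-log-dir=/tmp/runsc",
        "--debug",
        "--strace"
      ]
    }
  }
}
EOF
# Docker reads daemon.json only at startup.
sudo systemctl restart docker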