docker in gVisor: I am one with the force, the force is with me #202

Closed
amscanne opened this issue Apr 19, 2019 · 14 comments
Labels: area: compatibility (Issue related to (Linux) kernel compatibility); auto-closed; exported (Issue was exported automatically); priority: p3 (Low priority); type: bug (Something isn't working)

Comments

@amscanne
Contributor

Startup is currently blocked by oom_score_adj, but there are many additional blockers.

@amscanne amscanne self-assigned this Apr 19, 2019
@amscanne amscanne added area: compatibility Issue related to (Linux) kernel compatibility type: bug Something isn't working exported Issue was exported automatically priority: p3 Low priority labels Apr 19, 2019
@akoenig

akoenig commented May 1, 2019

Running Docker in a gVisor shielded container would be such a nice feature 🙂 - The dream of actual lightweight "VMs" in which you could land a user without having sleepless nights would come true.

@grzesiek

grzesiek commented Jun 4, 2019

+1

@anorth2

anorth2 commented Dec 19, 2019

+1

gvisor-bot pushed a commit that referenced this issue Feb 4, 2020
Adds an oom_score_adj and oom_score proc file stub. oom_score_adj accepts
writes of values -1000 to 1000 and persists the value with the task. New tasks
inherit the parent's oom_score_adj.

oom_score is a read-only stub that always returns the value '0'.

Issue #202

PiperOrigin-RevId: 290904479
copybara-service bot pushed a commit that referenced this issue Mar 4, 2020
Adds an oom_score_adj and oom_score proc file stub. oom_score_adj accepts
writes of values -1000 to 1000 and persists the value with the task. New tasks
inherit the parent's oom_score_adj.

oom_score is a read-only stub that always returns the value '0'.

Issue #202

PiperOrigin-RevId: 290904479
copybara-service bot pushed a commit that referenced this issue Mar 6, 2020
Adds an oom_score_adj and oom_score proc file stub. oom_score_adj accepts
writes of values -1000 to 1000 and persists the value with the task. New tasks
inherit the parent's oom_score_adj.

oom_score is a read-only stub that always returns the value '0'.

Issue #202

PiperOrigin-RevId: 299245355
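
The oom_score_adj and oom_score behaviour described in the commit messages above, as a small Go model. This is an added example, not gVisor's code: the `Task` type, the method names, and the use of `EINVAL` for rejected writes (mirroring Linux) are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"syscall"
)

// Range accepted by oom_score_adj, as stated in the commit message.
const (
	oomScoreAdjMin = -1000
	oomScoreAdjMax = 1000
)

// Task is a hypothetical stand-in for a sandboxed task; not a gVisor type.
type Task struct{ oomScoreAdj int32 }

// Fork models task creation: the child starts with the parent's value.
func (t *Task) Fork() *Task {
	return &Task{oomScoreAdj: t.oomScoreAdj}
}

// WriteOOMScoreAdj models a write to /proc/[pid]/oom_score_adj. Non-numeric
// or out-of-range input is rejected and the stored value is left unchanged.
func (t *Task) WriteOOMScoreAdj(data []byte) (int, error) {
	v, err := strconv.ParseInt(strings.TrimSpace(string(data)), 10, 32)
	if err != nil || v < oomScoreAdjMin || v > oomScoreAdjMax {
		return 0, syscall.EINVAL // assumption: same errno as Linux
	}
	t.oomScoreAdj = int32(v)
	return len(data), nil
}

// ReadOOMScoreAdj returns the value persisted with the task.
func (t *Task) ReadOOMScoreAdj() string { return fmt.Sprintf("%d\n", t.oomScoreAdj) }

// ReadOOMScore is the read-only stub: it always reports 0.
func (t *Task) ReadOOMScore() string { return "0\n" }

func main() {
	parent := &Task{}
	parent.WriteOOMScoreAdj([]byte("-500\n")) // constructed sample write
	child := parent.Fork()
	_, err := child.WriteOOMScoreAdj([]byte("1001")) // out of range
	fmt.Printf("child adj=%q score=%q bad write err=%v\n",
		child.ReadOOMScoreAdj(), child.ReadOOMScore(), err)
}
```
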
@hbhasker hbhasker self-assigned this Nov 18, 2020
@ianlewis
Contributor

This is now blocked on some kind of cgroups support inside the sandbox
Related: #906 #1906

@lining2020x

+1

@pkit
Contributor

pkit commented Aug 3, 2022

> This is now blocked on some kind of cgroups support inside the sandbox
> Related: #906 #1906

A lot more it's blocked on: no support for bind mounts, no support for CLONE_NEWNS, etc. etc.
I will try to fix all of that.
On the other hand running it in a real docker daemon is probably too much of a task, because it will always fail at the various "security" measures that docker tries to set up and which are not needed.

@github-actions

A friendly reminder that this issue had no activity for 120 days.

@github-actions github-actions bot added the stale-issue This issue has not been updated in 120 days. label Sep 15, 2023
@ayushr2
Collaborator

ayushr2 commented Sep 15, 2023

@avagin has made good amounts of progress on this.

@avagin avagin self-assigned this Sep 15, 2023
@github-actions github-actions bot removed the stale-issue This issue has not been updated in 120 days. label Sep 16, 2023

A friendly reminder that this issue had no activity for 120 days.

@github-actions github-actions bot added the stale-issue This issue has not been updated in 120 days. label Jan 14, 2024

This issue has been closed due to lack of activity.

@ayushr2 ayushr2 removed the stale-issue This issue has not been updated in 120 days. label Apr 15, 2024
@avagin
Collaborator

avagin commented Apr 17, 2024

https://gvisor.dev/docs/tutorials/docker-in-gvisor/

@hbhasker
Contributor

This is awesome. I figured this was coming when I saw the veth device support being added!

@avagin
Collaborator

avagin commented Apr 18, 2024

@hbhasker Hi Bhasker. Good to see you here:). Right now, we support only the host network mode. The bridge mode is coming soon. veth and bridges are still in development.

@hbhasker
Contributor

I lurk and follow random PRs:) Good to see you too! Looking forward to the rest landing!

10 participants