gvrun

command module
v0.0.0-...-f91c4b2 Latest

Warning: This package is not in the latest version of its module.

Published: Feb 4, 2021 | License: Apache-2.0, MIT | Imports: 12 | Imported by: 0

README

gvrun: simple sandboxing with gVisor

gvrun is a rudimentary wrapper around gVisor's runsc that allows simple sandboxing of local workloads without a container image.

gvrun is intended only for running very simple workloads. Workloads running in gvrun are given access only to the binary itself, the current working directory, and a few critical system libraries (like libc). As a result, many workloads will not work out-of-the-box with gvrun. More complex workloads are likely better off running in a Docker container with runsc.

Workloads have no host filesystem write access (all writes are in-memory only) and no network access.
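
The policy described above (only the binary, the working directory and a few library directories visible, nothing writable on the host, no network) can be expressed as an OCI runtime configuration of the kind an OCI runtime such as runsc consumes. The Go program below is an added example, not gvrun's own code; `BuildConfig`, the `rootfs` bundle directory and the sample paths are assumptions, and the in-memory handling of writes is not modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
)

// Mount is one entry of "mounts" in an OCI runtime-spec config.json.
type Mount struct {
	Destination string   `json:"destination"`
	Type        string   `json:"type"`
	Source      string   `json:"source"`
	Options     []string `json:"options"`
}

// BuildConfig (hypothetical helper) exposes only the binary, the working
// directory and the listed library directories, each as a read-only bind mount.
func BuildConfig(args []string, cwd string, libDirs []string) (map[string]interface{}, error) {
	if len(args) == 0 {
		return nil, fmt.Errorf("no command given")
	}
	var mounts []Mount
	for _, p := range append([]string{args[0], cwd}, libDirs...) {
		// Relative paths are ambiguous and "/" would expose the whole host.
		if p = filepath.Clean(p); !filepath.IsAbs(p) || p == "/" {
			return nil, fmt.Errorf("refusing to expose %q", p)
		}
		mounts = append(mounts, Mount{p, "bind", p, []string{"ro", "rbind"}})
	}
	return map[string]interface{}{
		"ociVersion": "1.0.0",
		"process":    map[string]interface{}{"args": args, "cwd": filepath.Clean(cwd)},
		"root":       map[string]interface{}{"path": "rootfs", "readonly": true}, // assumed empty dir
		"mounts":     mounts,
		// Per the OCI spec, a namespace entry without a path is created fresh,
		// so the network namespace starts with no host interfaces.
		"linux": map[string]interface{}{"namespaces": []map[string]string{{"type": "network"}}},
	}, nil
}

func main() {
	cfg, err := BuildConfig([]string{"/bin/echo", "hello", "world"}, "/home/user/work", []string{"/lib", "/lib64"})
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(cfg, "", "  ")
	fmt.Println(string(out))
}
```

Running the sandbox from `/` or with a relative binary path is rejected here, because the working directory is bind-mounted as-is and would otherwise widen what the workload can read.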

Getting Started

  1. Build gvrun with go build.

  2. Download or build a copy of runsc. Note that only the runsc binary is required, not any Docker or containerd configuration.

  3. Run a workload: sudo /path/to/gvrun -runsc /path/to/runsc /bin/echo hello world.

Note that gvrun must be run with sudo, as gVisor requires root permissions to set up the sandbox.

Documentation

There is no documentation for this package.
