gvisor-containerd-shim is not compatible with containerd 1.1 or earlier.
Starting from containerd 1.2, shim v2 is the preferred interface.
PiperOrigin-RevId: 351485556
* Aggregate architecture Overview in "What is gVisor?" as it makes more sense
in one place.
* Drop "user-space kernel" and use "application kernel". The term "user-space
kernel" is confusing when some platform implementation do not run in
user-space (instead running in guest ring zero).
* Clear up the relationship between the Platform page in the user guide and the
Platform page in the architecture guide, and ensure they are cross-linked.
* Restore the call-to-action quick start link in the main page, and drop the
GitHub link (which also appears in the top-right).
* Improve image formatting by centering all doc and blog images, and move the
image captions to the alt text.
PiperOrigin-RevId: 311845158
This will require a reasonably modern toolchain. I've put minimum compiler
versions in the README based on versions in
https://en.cppreference.com/w/cpp/compiler_support that have mostly complete
language and library support.
The minimum Bazel version bump is unrelated, but 0.28 is definitely not
supported anymore.
Please report issues on gvisor.dev/issue/1349.
Fixes#1349
PiperOrigin-RevId: 284274250
bazel has a lot of dependencies and users don't want to install them
just to build gvisor.
These changes allows to run bazel in a docker container.
A bazel cache is on the local file system (~/.cache/bazel), so
incremental builds should be fast event after recreating a bazel
container.
Here is an example how to build runsc:
make BAZEL_OPTIONS="build runsc:runsc" bazel
Change-Id: I8c0a6d0c30e835892377fb6dd5f4af7a0052d12a
PiperOrigin-RevId: 246570877
Bazel 0.23.0 is required due to the use of cc_flags_supplier.bzl in the vdso
package. cc_flags_supplier.bzl was added in 0.23.0.
PiperOrigin-RevId: 245192715
Change-Id: I4258c064e5cc3bac2a587c887e0d8f87b6678ec7
This CL merges all RBE-specific configuration from .bazelrc_rbe into .bazelrc
so that it will be picked up by default by users running bazel.
It also checks in a bazelrc from the upstream bazel-toolchains repository, and
imports that into our repo-specific .bazelrc. This makes it easier to maintain
and update the bazelrc going forward.
Documentation was added to the README.
PiperOrigin-RevId: 242208733
Change-Id: Iea32de9be85b024bd74f88909b56b2a8ab34851a
Updated the README to correct some wording and clarify a bit that containerd
CRI runtime is needed.
PiperOrigin-RevId: 224944753
Change-Id: I7b9c527500f99571aca7ef73058472ae9b3d5371
Bazel 0.18 moved the workspace bazelrc location from //tools/bazel.rc to
//.bazelrc. The old location will be dropped by a future version of
bazel.
This bumps the minimum required version of bazel to 0.18.
More context:
https://groups.google.com/forum/#!msg/bazel-discuss/ycDacctX2vw/EGFxGLibAgAJ
PiperOrigin-RevId: 220338084
Change-Id: Ib6fa83a4a0f89e8e898d67152c7bd429e0b9b21e
This is a breaking change if you're using --debug-log-dir.
The fix is to replace it with --debug-log and add a '/' at
the end:
--debug-log-dir=/tmp/runsc ==> --debug-log=/tmp/runsc/
PiperOrigin-RevId: 216761212
Change-Id: I244270a0a522298c48115719fa08dad55e34ade1
When starting a sandbox without direct file or network access, we create an
empty user namespace and run the sandbox in there. However, the root user in
that namespace is still mapped to the root user in the parent namespace.
This CL maps the "nobody" user from the parent namespace into the child
namespace, and runs the sandbox process as user "nobody" inside the new
namespace.
PiperOrigin-RevId: 211572223
Change-Id: I1b1f9b1a86c0b4e7e5ca7bc93be7d4887678bab6
In the main readme, checkpoint and restore is listed as an
advanced feature, and a link to its readme is provided.
PiperOrigin-RevId: 208279833
Change-Id: Ib3db28a8df8ec93cf8d98d5dfd2ee2f75a61e664
The "install from source" section is moved under "advanced" header, right
before the testing section.
PiperOrigin-RevId: 196271666
Change-Id: I653ac0a2fa4661c96a0cb3daf3528c2109fed8d7
Fabricio Voznika
Adin Scannell
Ian Lewis
Joshua Abraham
Geethanjali Eswaran
Michael Pratt
Andrei Vagin
Nicolas Lacasse
Kevin Krakauer
Justine Olshan
Eric Chiang
Christopher Koch