gvisor docker in gVisor: I am one with the force, the force is with me

Startup is currently blocked by oom_score_adj, but there are many additional blockers.

Apr 19 '19 00:04 amscanne

Running Docker in a gVisor shielded container would be such a nice feature :slightly_smiling_face: - The dream of actual lightweight "VMs" in which you could land a user without having sleepless nights would come true.

May 01 '19 21:05 akoenig

+1

Jun 04 '19 09:06 grzesiek

+1

Dec 19 '19 23:12 anorth2

This is now blocked on some kind of cgroups support inside the sandbox Related: #906 #1906

Nov 21 '20 03:11 ianlewis

+1

Nov 12 '21 03:11 lining2020x

This is now blocked on some kind of cgroups support inside the sandbox Related: #906 #1906

A lot more it's blocked on: no support for bind mounts, no support for CLONE_NEWNS, etc. etc. I will try to fix all of that. On the other hand running it in a real docker daemon is probably too much of a task, because it will always fail at the various "security" measures that docker tries to set up and which are not needed.

Aug 03 '22 18:08 pkit

A friendly reminder that this issue had no activity for 120 days.

Sep 15 '23 00:09 github-actions[bot]

@avagin has made good amounts of progress on this.

Sep 15 '23 18:09 ayushr2

A friendly reminder that this issue had no activity for 120 days.

Jan 14 '24 00:01 github-actions[bot]

This issue has been closed due to lack of activity.

Apr 14 '24 00:04 github-actions[bot]

https://gvisor.dev/docs/tutorials/docker-in-gvisor/

Apr 17 '24 20:04 avagin

This is awesome. I figured this was coming when I saw the veth device support being added!

Apr 17 '24 22:04 hbhasker

@hbhasker Hi Bhasker. Good to see you here:). Right now, we support only the host network mode. The bridge mode is coming soon. veth and bridges are still in development.

Apr 18 '24 00:04 avagin

I lurk and follow random PRs:) Good to see you too! Looking forward to the rest landing!

Apr 18 '24 02:04 hbhasker