Constantine Peresypkin
Constantine Peresypkin
ssh to `[email protected]` from there you can `ssh -p 9001 localhost` to the actual box via a permanent tunnel.
Ok, I will need to add you to the sudo group, because there is no way to test runsc without root, it seems :(
Yup, that's what I ve said :) It works on the same stepping as the initial bug reporter. So I suppose it can be closed?
I thought you want to test something else
> This is now blocked on some kind of cgroups support inside the sandbox Related: #906 #1906 A lot more it's blocked on: no support for bind mounts, no support...
`vfs2` is the default. Can it be implemented now? I can poke it, if needed.
@kevinGC it seems like it has some TODO here https://github.com/google/gvisor/blob/5ffcc1f799e31eba3a95d7e2f251ee111656520c/pkg/sentry/kernel/task_clone.go#L128
Ah, bind mounts are not there too. Probably needs bind mounts first...
And yes, it works if correct port is used: ``` $ sudo nsenter -n -t $(docker inspect --format {{.State.Pid}} gvisor_ubuntu-gvisor_1) iptables-legacy -nvL -t nat Chain PREROUTING (policy ACCEPT 0 packets,...