gvisor
gvisor copied to clipboard
google
Application Kernel for Containers
Disable process_vm_read/writev and add a test. ProcessVM readv/writev needs some work due to lock ordering issues with locking MM between tasks. So disable the call until it can be fixed....
![copybara-service[bot] avatar](https://avatars.githubusercontent.com/in/44061?v=4 "copybara-service[bot] avatar"){kind=avatar}
Fix IP_ADD_MEMBERSHIP address checking to match linux. When handling a call to setsockopt for IP_ADD_MEMBERSHIP with an ip_mreqn struct with a non-zero interface IP address and interface index, Linux checks...
### Description When handling a call to setsockopt for `IP_ADD_MEMBERSHIP` with an `ip_mreqn` struct with a non-zero interface IP address and interface index, Linux checks the interface index first and,...
Test IPv4 multicast registration with interface address and index When setting IP_ADD_MEMBERSHIP on a UDP socket, if the additional data provided is an `ip_mreqn` struct with an interface index and...
Add option for root overlay mount in runsc. This patch adds a flag to runsc to set up the root filesystem with overlayfs which has an upper layer of tmpfs...
Modifying tmpfs memory allocation for deleted file. -If the file is deleted and even if an open file descriptor exits for the file, no memory allocation will be allocated against...
### Description I'm trying to run Julia and it's failing to initialize consistently with `init_shared_map: No space left on device`. This does not happen outside of gVisor (or even on...
### Description I have tried different drivers (docker, kvm2, qemu) and different CNIs (bridge, kindnet, calico), but I can't seem to get the gvisor addon to work. Using the docker...
Add tutorial for using Falco with gVisor
### Description ``` ➜ ~ nerdctl run --detach --privileged --runtime "io.containerd.runsc.v1" --name fedora docker.io/library/fedora:36 WARN[0000] cannot set cgroup manager to "systemd" for runtime "io.containerd.runsc.v1" FATA[0000] failed to create shim task:...
