Kevin Krakauer

Been trying to merge this, but running into a failing test internally. Should be able to reproduce it by running this: ``` bazel test //test/syscalls:socket_inet_loopback_test_runsc_ptrace --runs_per_test=1000 ``` `POLLRDHUP` isn't being...

_Caveat: this is my first time hearing about MACVLAN interfaces. I'm mostly going with the description [here][redhatdoc]._ `runsc` was written to operate in a Docker-esque environment. For networking, this means...

What's the motivation for using MACVLAN? I'm thinking about how to deal with this, but the simplest solution is to use the traditional veth+bridge solution. Maybe we could re-add the...

I ran the repro and confirmed that the issue exists, albeit with some weirdness: - runsc scrapes 2 IPs from the host namespace: the fe80::f00 and an auto-generated ([EUI]?) address....

Can you help describe the problem in more detail? Is this contradicted in a doc somewhere, or does this differ from other implementers of `net.Conn`?

We'd definitely accept a PR with this change!

Very interested in making this happen. Thinking of this as separate sub-issues: 1. **General third-party stack support** - I think this is great. The largest issue I see is API...

> Does CGO interface introduce security issue? In other words, if we introduce a rust-based component (also memory-safe) in sentry, does that break the security? We've never discussed the CGO...

> First, we propose abstracting a set of APIs for gVisor's network stack. This way, third-party network stacks will only need to implement these APIs in order to be compatible...

Something I should've been more clear about regarding the static binary idea: I'm suggesting that the existing, cgo-free `runsc` target remain as-is, and that we support third party network stacks...