diff options
author | Ian Lewis <ianmlewis@gmail.com> | 2019-03-29 22:40:11 -0400 |
---|---|---|
committer | Ian Lewis <ianmlewis@gmail.com> | 2019-03-29 22:40:11 -0400 |
commit | 22f1890a9beab11d8cfdceba3a4d66f8bbbb468c (patch) | |
tree | 110ec3a84a72560244ee4476852295b86a737eb0 /content/docs/user_guide/docker.md |
Initial commit
Diffstat (limited to 'content/docs/user_guide/docker.md')
-rw-r--r-- | content/docs/user_guide/docker.md | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/content/docs/user_guide/docker.md b/content/docs/user_guide/docker.md new file mode 100644 index 000000000..3123785a7 --- /dev/null +++ b/content/docs/user_guide/docker.md @@ -0,0 +1,81 @@ ++++ +title = "Docker Quick Start" +weight = 10 ++++ +This guide will help you quickly get started running Docker containers using +gVisor with the default platform. + +## Install gVisor + +{{% readfile file="docs/includes/install_gvisor.md" markdown="true" %}} + +## Configuring Docker + +> Note: This guide requires Docker. Refer to the [Docker documentation][docker] for +> how to install it. + +First you will need to configure Docker to use `runsc` by adding a runtime +entry to your Docker configuration (`/etc/docker/daemon.json`). You may have to +create this file if it does not exist. Also, some Docker versions also require +you to [specify the `storage-driver` field][storage-driver]. + +In the end, the file should look something like: + +```json +{ + "runtimes": { + "runsc": { + "path": "/usr/local/bin/runsc" + } + } +} +``` + +You must restart the Docker daemon after making changes to this file, typically +this is done via `systemd`: + +```bash +sudo systemctl restart docker +``` + +## Running a container + +Now run your container using the `runsc` runtime: + +```bash +docker run --runtime=runsc hello-world +``` + +You can also run a terminal to explore the container. + +```bash +docker run --runtime=runsc -it ubuntu /bin/bash +``` + +## Verify the runtime + +You can verify that you are running in gVisor using the `dmesg` command. + +```text +$ docker run --runtime=runsc -it ubuntu dmesg +[ 0.000000] Starting gVisor... +[ 0.354495] Daemonizing children... +[ 0.564053] Constructing home... +[ 0.976710] Preparing for the zombie uprising... +[ 1.299083] Creating process schedule... +[ 1.479987] Committing treasure map to memory... +[ 1.704109] Searching for socket adapter... +[ 1.748935] Generating random numbers by fair dice roll... +[ 2.059747] Digging up root... +[ 2.259327] Checking naughty and nice process list... +[ 2.610538] Rewriting operating system in Javascript... +[ 2.613217] Ready! +``` + +Note that this is easily replicated by an attacker so applications should never +use `dmesg` to verify the runtime in a security sensitive context. + +Next, try running gVisor using the [KVM platform](../platforms/). + +[docker]: https://docs.docker.com/install/ +[storage-driver]: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-storage-driver |