summaryrefslogtreecommitdiffhomepage
path: root/g3doc/user_guide/compatibility.md
diff options
context:
space:
mode:
authorAdin Scannell <ascannell@google.com>2020-04-27 22:24:58 -0700
committerAdin Scannell <ascannell@google.com>2020-05-06 14:15:18 -0700
commit508e25b6d6e9a81edb6ddf8738450b79898b446a (patch)
treea7f6105ac25c8a879ed880e477d89ec6b6eb1a24 /g3doc/user_guide/compatibility.md
parent8cb33ce5ded7d417710e7e749524b895deb20397 (diff)
Adapt website to use g3doc sources and bazel.
This adapts the merged website repository to use the image and bazel build framework. It explicitly avoids the container_image rules provided by bazel, opting instead to build with direct docker commands when necessary. The relevant build commands are incorporated into the top-level Makefile.
Diffstat (limited to 'g3doc/user_guide/compatibility.md')
-rw-r--r--g3doc/user_guide/compatibility.md87
1 files changed, 87 insertions, 0 deletions
diff --git a/g3doc/user_guide/compatibility.md b/g3doc/user_guide/compatibility.md
new file mode 100644
index 000000000..5fe9fc1e8
--- /dev/null
+++ b/g3doc/user_guide/compatibility.md
@@ -0,0 +1,87 @@
+# Applications
+
+gVisor implements a large portion of the Linux surface and while we strive to
+make it broadly compatible, there are (and always will be) unimplemented
+features and bugs. The only real way to know if it will work is to try. If you
+find a container that doesn’t work and there is no known issue, please [file a
+bug][bug] indicating the full command you used to run the image. You can view
+open issues related to compatibility [here][issues].
+
+If you're able to provide the [debug logs](../debugging/), the
+problem likely to be fixed much faster.
+
+## What works?
+
+The following applications/images have been tested:
+
+* elasticsearch
+* golang
+* httpd
+* java8
+* jenkins
+* mariadb
+* memcached
+* mongo
+* mysql
+* nginx
+* node
+* php
+* postgres
+* prometheus
+* python
+* redis
+* registry
+* tomcat
+* wordpress
+
+## Utilities
+
+Most common utilities work. Note that:
+
+* Some tools, such as `tcpdump` and old versions of `ping`, require explicitly
+ enabling raw sockets via the unsafe `--net-raw` runsc flag.
+* Different Docker images can behave differently. For example, Alpine Linux and
+ Ubuntu have different `ip` binaries.
+
+ Specific tools include:
+
+| Tool | Status |
+| --- | --- |
+| apt-get | Working |
+| bundle | Working |
+| cat | Working |
+| curl | Working |
+| dd | Working |
+| df | Working |
+| dig | Working |
+| drill | Working |
+| env | Working |
+| find | Working |
+| gdb | Working |
+| gosu | Working |
+| grep | Working (unless stdin is a pipe and stdout is /dev/null) |
+| ifconfig | Works partially, like ip. Full support [in progress](https://gvisor.dev/issue/578) |
+| ip | Some subcommands work (e.g. addr, route). Full support [in progress](https://gvisor.dev/issue/578) |
+| less | Working |
+| ls | Working |
+| lsof | Working |
+| mount | Works in readonly mode. gVisor doesn't currently support creating new mounts at runtime |
+| nc | Working |
+| nmap | Not working |
+| netstat | [In progress](https://gvisor.dev/issue/2112) |
+| nslookup | Working |
+| ping | Working |
+| ps | Working |
+| route | Working |
+| ss | [In progress](https://gvisor.dev/issue/2114) |
+| sshd | Partially working. Job control [in progress](https://gvisor.dev/issue/154) |
+| strace | Working |
+| tar | Working |
+| tcpdump | [In progress](https://gvisor.dev/issue/173) |
+| top | Working |
+| uptime | Working |
+| vim | Working |
+| wget | Working |
+
+[bug]: https://github.com/google/gvisor/issues/new?title=Compatibility%20Issue:
+[issues]: https://github.com/google/gvisor/issues?q=is%3Aissue+is%3Aopen+label%3A%22area%3A+compatibility%22