-rw-r--r-- | g3doc/architecture_guide/performance.md | 2 | ||||
-rw-r--r-- | g3doc/architecture_guide/resources.md | 2 | ||||
-rw-r--r-- | g3doc/architecture_guide/security.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/FAQ.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/checkpoint_restore.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/compatibility.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/debugging.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/filesystem.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/install.md | 6 | ||||
-rw-r--r-- | g3doc/user_guide/networking.md | 2 | ||||
-rw-r--r-- | g3doc/user_guide/platforms.md | 2 | ||||
-rw-r--r-- | website/defs.bzl | 9 |
12 files changed, 32 insertions, 3 deletions
diff --git a/g3doc/architecture_guide/performance.md b/g3doc/architecture_guide/performance.md index fd219be5e..2f83c0d20 100644 --- a/g3doc/architecture_guide/performance.md +++ b/g3doc/architecture_guide/performance.md @@ -1,5 +1,7 @@ # Performance Guide +[TOC] + gVisor is designed to provide a secure, virtualized environment while preserving key benefits of containerization, such as small fixed overheads and a dynamic resource footprint. For containerized infrastructure, this can provide a diff --git a/g3doc/architecture_guide/resources.md b/g3doc/architecture_guide/resources.md index 3ed5d6355..4580bf9f4 100644 --- a/g3doc/architecture_guide/resources.md +++ b/g3doc/architecture_guide/resources.md @@ -1,5 +1,7 @@ # Resource Model +[TOC] + The resource model for gVisor does not assume a fixed number of threads of execution (i.e. vCPUs) or amount of physical memory. Where possible, decisions about underlying physical resources are delegated to the host system, where diff --git a/g3doc/architecture_guide/security.md b/g3doc/architecture_guide/security.md index 59003f0a8..afafe5c05 100644 --- a/g3doc/architecture_guide/security.md +++ b/g3doc/architecture_guide/security.md @@ -1,5 +1,7 @@ # Security Model +[TOC] + gVisor was created in order to provide additional defense against the exploitation of kernel bugs by untrusted userspace code. In order to understand how gVisor achieves this goal, it is first necessary to understand the basic diff --git a/g3doc/user_guide/FAQ.md b/g3doc/user_guide/FAQ.md index 7707217fb..9eb9f4501 100644 --- a/g3doc/user_guide/FAQ.md +++ b/g3doc/user_guide/FAQ.md @@ -1,5 +1,7 @@ # FAQ +[TOC] + ### What operating systems are supported? {#supported-os} Today, gVisor requires Linux. diff --git a/g3doc/user_guide/checkpoint_restore.md b/g3doc/user_guide/checkpoint_restore.md index 1814a2799..b0aa308f3 100644 --- a/g3doc/user_guide/checkpoint_restore.md +++ b/g3doc/user_guide/checkpoint_restore.md 
@@ -1,5 +1,7 @@ # Checkpoint/Restore +[TOC] + gVisor has the ability to checkpoint a process, save its current state in a state file, and restore into a new container using the state file. diff --git a/g3doc/user_guide/compatibility.md b/g3doc/user_guide/compatibility.md index 5fe9fc1e8..30c787e75 100644 --- a/g3doc/user_guide/compatibility.md +++ b/g3doc/user_guide/compatibility.md @@ -1,5 +1,7 @@ # Applications +[TOC] + gVisor implements a large portion of the Linux surface and while we strive to make it broadly compatible, there are (and always will be) unimplemented features and bugs. The only real way to know if it will work is to try. If you diff --git a/g3doc/user_guide/debugging.md b/g3doc/user_guide/debugging.md index a7c3138d7..38e26db76 100644 --- a/g3doc/user_guide/debugging.md +++ b/g3doc/user_guide/debugging.md @@ -1,5 +1,7 @@ # Debugging +[TOC] + To enable debug and system call logging, add the `runtimeArgs` below to your [Docker](../quick_start/docker/) configuration (`/etc/docker/daemon.json`): diff --git a/g3doc/user_guide/filesystem.md b/g3doc/user_guide/filesystem.md index 13bc07ab1..50a1c0020 100644 --- a/g3doc/user_guide/filesystem.md +++ b/g3doc/user_guide/filesystem.md @@ -1,5 +1,7 @@ # Filesystem +[TOC] + gVisor accesses the filesystem through a file proxy, called the Gofer. The gofer runs as a separate process, that is isolated from the sandbox. Gofer instances communicate with their respective sentry using the 9P protocol. For a more detailed diff --git a/g3doc/user_guide/install.md b/g3doc/user_guide/install.md index 28422612e..a4cb926f5 100644 --- a/g3doc/user_guide/install.md +++ b/g3doc/user_guide/install.md @@ -1,7 +1,9 @@ # Installation --> Note: gVisor supports only x86\_64 and requires Linux 4.14.77+ --> ([older Linux](./networking.md#gso)). +[TOC] + +> Note: gVisor supports only x86\_64 and requires Linux 4.14.77+ +> ([older Linux](./networking.md#gso)). ## Versions 
diff --git a/g3doc/user_guide/networking.md b/g3doc/user_guide/networking.md index 26c76e8aa..348b66bfd 100644 --- a/g3doc/user_guide/networking.md +++ b/g3doc/user_guide/networking.md @@ -1,5 +1,7 @@ # Networking +[TOC] + gVisor implements its own network stack called [netstack][netstack]. All aspects of the network stack are handled inside the Sentry — including TCP connection state, control messages, and packet assembly — keeping it isolated from the host diff --git a/g3doc/user_guide/platforms.md b/g3doc/user_guide/platforms.md index fb48db34f..f13092016 100644 --- a/g3doc/user_guide/platforms.md +++ b/g3doc/user_guide/platforms.md @@ -1,5 +1,7 @@ # Platforms (KVM) +[TOC] + This document will help you set up your system to use a different gVisor platform. diff --git a/website/defs.bzl b/website/defs.bzl index fe711d5d1..64a9d43e3 100644 --- a/website/defs.bzl +++ b/website/defs.bzl @@ -130,7 +130,14 @@ layout: {layout}""" builder_content += [header.format(**args)] builder_content += ["---"] builder_content += ["EOF"] - builder_content += ["grep -v -E '^# ' %s >>$T/%s || true" % (f.path, f.short_path)] + + # To generate the final page, we need to strip out the title (which + # was pulled above to generate the annotation in the frontmatter, + # and substitute the [TOC] tag with the {% toc %} plugin tag. Note + # that the pipeline here is almost important, as the grep will + # return non-zero if the file is empty, but we ignore that within + # the pipeline. + builder_content += ["grep -v -E '^# ' %s | sed -e 's|^\\[TOC\\]$|- TOC\\n{:toc}|' >>$T/%s" % (f.path, f.short_path)] builder_content += ["declare -r filename=$(readlink -m %s)" % tarball.path] builder_content += ["(cd $T && tar -zcf \"${filename}\" .)\n"] |
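Review bot: The new `grep … | sed …` line in website/defs.bzl tolerates grep's non-zero exit only because a plain pipeline reports the status of its last command, so it silently depends on the generated script never enabling `pipefail`, which cannot be confirmed from this hunk. The removed line stated the intent explicitly with `|| true`; keeping that inside a group preserves the behaviour under either shell setting: `builder_content += ["{ grep -v -E '^# ' %s || true; } | sed -e 's|^\\[TOC\\]$|- TOC\\n{:toc}|' >>$T/%s" % (f.path, f.short_path)]`. The added comment should then describe that, and its wording needs a pass: "almost important" presumably means "important", and the parenthesis opened at "(which was pulled above" is never closed. The enclosing function starts and ends outside the hunk.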