-rw-r--r--WORKSPACE4
-rw-r--r--website/Makefile6
-rwxr-xr-xwebsite/content/_config.yml7
l---------website/content/_includes/GOVERNANCE.md1
l---------website/content/_includes/SECURITY.md1
-rwxr-xr-xwebsite/content/_includes/byline.html2
-rwxr-xr-xwebsite/content/_includes/footer-links.html3
-rwxr-xr-xwebsite/content/_layouts/docs.html9
-rw-r--r--website/content/_posts/2019-11-18-security-basics.md12
-rw-r--r--website/content/assets/images/2019-11-18-security-basics-figure1.png (renamed from website/content/_posts/2019-11-18-security-basics-figure1.png)bin19088 -> 19088 bytes
-rw-r--r--website/content/assets/images/2019-11-18-security-basics-figure2.png (renamed from website/content/_posts/2019-11-18-security-basics-figure2.png)bin17642 -> 17642 bytes
-rw-r--r--website/content/assets/images/2019-11-18-security-basics-figure3.png (renamed from website/content/_posts/2019-11-18-security-basics-figure3.png)bin16471 -> 16471 bytes
-rwxr-xr-xwebsite/content/docs/architecture_guide/performance.md8
-rw-r--r--website/content/docs/community/governance.md10
-rwxr-xr-xwebsite/content/docs/community/index.md23
-rwxr-xr-xwebsite/content/index.md2
-rwxr-xr-xwebsite/content/roadmap.md35
-rwxr-xr-xwebsite/content/security.md7
-rw-r--r--website/static/performance/README.md2
19 files changed, 57 insertions, 75 deletions
diff --git a/WORKSPACE b/WORKSPACE
index ef62ca3fd..e1873e5c0 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -380,15 +380,15 @@ go_repository(
go_repository(
name = "org_uber_go_atomic",
importpath = "go.uber.org/atomic",
- version = "v1.6.0",
sum = "h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk=",
+ version = "v1.6.0",
)
go_repository(
name = "org_uber_go_multierr",
importpath = "go.uber.org/multierr",
- version = "v1.5.0",
sum = "h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A=",
+ version = "v1.5.0",
)
# BigQuery Dependencies for Benchmarks
diff --git a/website/Makefile b/website/Makefile
index 12c9fd26b..79236a34e 100644
--- a/website/Makefile
+++ b/website/Makefile
@@ -24,9 +24,9 @@ lint:
.PHONY: lint
update: lint
- @mkdir -p _site && sudo chmod a+rw _site
- @docker run -v $$PWD:/site -w /site gvisor-website || ($(MAKE) clean && exit 1)
- @sudo chown -R $$(id -u):$$(id -g) _site
+ @sudo mkdir -p _site && sudo chmod a+rw _site
+ @find content -type f -exec chmod a+r {} \; && find content -type d -exec chmod a+rx {} \;
+ @docker run -v $$PWD:/site -w /site gvisor-website
.PHONY: build
clean:
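Review bot: In the `update` recipe, `_site` is now created with `sudo mkdir` and left `chmod a+rw`, while the `sudo chown -R $$(id -u):$$(id -g) _site` step is gone, so the output directory stays root-owned and world-writable after the build; on a shared build host any local account could change the generated site before it is published. If the container writes as root (not visible in this hunk), the generated files will be root-owned as well and `clean` may then need sudo. I would drop sudo and run the container as the caller: `@mkdir -p _site` and `@docker run --user $$(id -u):$$(id -g) -v $$PWD:/site -w /site gvisor-website`. The removed `|| ($(MAKE) clean && exit 1)` also means a failed build now leaves a partial `_site` behind.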
diff --git a/website/content/_config.yml b/website/content/_config.yml
index c73afea31..b286d2996 100755
--- a/website/content/_config.yml
+++ b/website/content/_config.yml
@@ -18,3 +18,10 @@ defaults:
path: ""
values:
layout: default
+authors:
+ jsprad:
+ name: Jeremiah Spradlin
+ email: jsprad@google.com
+ zkoopmans:
+ name: Zach Koopmans
+ email: zkoopmans@google.com
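Review bot: The new `authors` map has no comment tying its keys to their consumers, and a mismatch fails quietly, because `_includes/byline.html` falls back to printing the raw id when `site.authors[author_id]` is missing. I would add above `authors:` a comment such as `# Keyed by the ids listed under "authors:" in post front matter; name and email are rendered by _includes/byline.html as a public mailto: link.` That also records that every address added here ends up in published HTML.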
diff --git a/website/content/_includes/GOVERNANCE.md b/website/content/_includes/GOVERNANCE.md
deleted file mode 120000
index 460729773..000000000
--- a/website/content/_includes/GOVERNANCE.md
+++ /dev/null
@@ -1 +0,0 @@
-../../../GOVERNANCE.md
\ No newline at end of file
diff --git a/website/content/_includes/SECURITY.md b/website/content/_includes/SECURITY.md
deleted file mode 120000
index 7f933119f..000000000
--- a/website/content/_includes/SECURITY.md
+++ /dev/null
@@ -1 +0,0 @@
-../../../SECURITY.md
\ No newline at end of file
diff --git a/website/content/_includes/byline.html b/website/content/_includes/byline.html
index 7d6d6aa59..d8ae22cb0 100755
--- a/website/content/_includes/byline.html
+++ b/website/content/_includes/byline.html
@@ -5,7 +5,7 @@ By
{% assign author_id=include.authors[i] %}
{% assign author=site.authors[author_id] %}
{% if author %}
- <a href="{{ author[1] }}">{{ author[0] }}</a>
+ <a href="mailto:{{ author.email }}">{{ author.name }}</a>
{% else %}
{{ author_id }}
{% endif %}
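Review bot: `author.email` and `author.name` are written into the `href` and the link text with no output filter, and Liquid does not HTML-escape by default, so a name containing `&` or `<`, or a quote in an address, would break the markup. The values come from `_config.yml`, so this is hardening rather than an exposed input, but the fix is cheap: `<a href="mailto:{{ author.email | escape }}">{{ author.name | escape }}</a>`. An entry that has a `name` but no `email` would also render an empty `mailto:` link, since the guard only tests `author`. The surrounding loop over `include.authors` starts outside this hunk.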
diff --git a/website/content/_includes/footer-links.html b/website/content/_includes/footer-links.html
index d7939e466..c2a89931e 100755
--- a/website/content/_includes/footer-links.html
+++ b/website/content/_includes/footer-links.html
@@ -5,7 +5,8 @@
<ul class="list-unstyled">
<li><a href="/roadmap">Roadmap</a></li>
<li><a href="/docs/community/">Contributing</a></li>
- <li><a href="https://gvisor.googlesource.com/community/+/refs/heads/master/README.md">Governance</a></li>
+ <li><a href="https://github.com/google/gvisor/blob/master/GOVERNANCE.md">Governance</a></li>
+ <li><a href="https://github.com/google/gvisor/blob/master/SECURITY.md">Security</a></li>
<li><a href="https://policies.google.com/privacy">Privacy Policy</a></li>
</ul>
</div>
diff --git a/website/content/_layouts/docs.html b/website/content/_layouts/docs.html
index f6a278bf4..3109def9f 100755
--- a/website/content/_layouts/docs.html
+++ b/website/content/_layouts/docs.html
@@ -14,7 +14,7 @@ categories:
{% for category in layout.categories %}
<h3>{{ category }}</h3>
<ul class="sidebar-nav">
- {% assign sorted_pages = site.pages | where: 'layout', 'docs' | where: 'category', category | sort: 'weight' %}
+ {% assign sorted_pages = site.pages | where: 'layout', 'docs' | where: 'category', category | sort: 'weight' | sort: 'subcategory' %}
{% assign subcategory = nil %}
{% for p in sorted_pages %}
{% if p.subcategory != subcategory %}
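Review bot: Chaining `sort: 'weight' | sort: 'subcategory'` keeps the weight order inside each subcategory only if the second sort is stable, and as far as I know the Ruby sort behind Jekyll's filter does not guarantee that. Pages without a `subcategory` are also compared as nil, so where they land relative to the grouped pages depends on the filter's nil handling. Please check the rendered sidebar with several weighted pages per subcategory; if the order drifts, grouping with `group_by: 'subcategory'` and sorting each group's `items` by `weight` makes it explicit. The loop body continues outside this hunk.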
@@ -24,10 +24,11 @@ categories:
{% endif %}
{% assign subcategory = p.subcategory %}
{% if subcategory != nil %}
- {% assign id = p.subcategory | remove: " " | downcase %}
+ {% assign cid = p.category | remove: " " | downcase %}
+ {% assign sid = p.subcategory | remove: " " | downcase %}
<li>
- <a class="sidebar-nav-heading" data-toggle="collapse" href="#{{ id }}" aria-expanded="false" aria-controls="{{ id }}">{{ subcategory }}<span class="caret"></span></a>
- <ul class="collapse sidebar-nav sidebar-submenu" id="{{ id }}">
+ <a class="sidebar-nav-heading" data-toggle="collapse" href="#{{ cid }}-{{ sid }}" aria-expanded="false" aria-controls="{{ cid }}-{{ sid }}">{{ subcategory }}<span class="caret"></span></a>
+ <ul class="collapse sidebar-nav sidebar-submenu" id="{{ cid }}-{{ sid }}">
{% endif %}
{% endif %}
<li><a href="{{ p.url }}">{{ p.title }}</a></li>
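Review bot: `cid` and `sid` only have spaces removed and are lowercased, so any other character in a category or subcategory name (`&`, `/`, `.`, quotes) goes straight into `id`, `href="#…"` and `aria-controls`. That can yield an invalid fragment selector for the collapse toggle or a broken attribute. Jekyll's `slugify` filter covers this in one step: `{% assign cid = p.category | slugify %}` and `{% assign sid = p.subcategory | slugify %}`. The enclosing `for p in sorted_pages` loop begins and ends outside the hunk.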
diff --git a/website/content/_posts/2019-11-18-security-basics.md b/website/content/_posts/2019-11-18-security-basics.md
index ef2e9a37e..10a3ac0a7 100644
--- a/website/content/_posts/2019-11-18-security-basics.md
+++ b/website/content/_posts/2019-11-18-security-basics.md
@@ -1,8 +1,10 @@
---
title: gVisor Security Basics - Part 1
layout: post
-author: jsprad, zkoopmans
-permlink: /blog/:title/
+authors:
+- jsprad
+- zkoopmans
+permalink: /blog/2019/11/18/gvisor-security-basics-part-1/
---
# Part 1 - Introduction
@@ -87,7 +89,7 @@ Least-Privilege is applied throughout gVisor. Each component and more importantl
----
-![Figure 2](./2019-11-18-security-basics-figure2.png)
+![Figure 2](/assets/images/2019-11-18-security-basics-figure2.png)
Figure 2: runsc components and their privileges.
@@ -136,11 +138,11 @@ So, of the 350 syscalls in the Linux kernel, the Sentry needs to implement only
----
-![Figure 3](./2019-11-18-security-basics-figure3.png)
+![Figure 3](/assets/images/2019-11-18-security-basics-figure3.png)
Figure 3: Reduction of Attack Surface of the Syscall Table. Note that the Senty's Syscall Emulation Layer keeps the Containerized Process from ever calling the Host OS.
----
+----
## Secure-by-default
diff --git a/website/content/_posts/2019-11-18-security-basics-figure1.png b/website/content/assets/images/2019-11-18-security-basics-figure1.png
index 2a8134a7a..2a8134a7a 100644
--- a/website/content/_posts/2019-11-18-security-basics-figure1.png
+++ b/website/content/assets/images/2019-11-18-security-basics-figure1.png
Binary files differ
diff --git a/website/content/_posts/2019-11-18-security-basics-figure2.png b/website/content/assets/images/2019-11-18-security-basics-figure2.png
index f8b416e1d..f8b416e1d 100644
--- a/website/content/_posts/2019-11-18-security-basics-figure2.png
+++ b/website/content/assets/images/2019-11-18-security-basics-figure2.png
Binary files differ
diff --git a/website/content/_posts/2019-11-18-security-basics-figure3.png b/website/content/assets/images/2019-11-18-security-basics-figure3.png
index 833e3e2b5..833e3e2b5 100644
--- a/website/content/_posts/2019-11-18-security-basics-figure3.png
+++ b/website/content/assets/images/2019-11-18-security-basics-figure3.png
Binary files differ
diff --git a/website/content/docs/architecture_guide/performance.md b/website/content/docs/architecture_guide/performance.md
index 382772425..62c7ff8b6 100755
--- a/website/content/docs/architecture_guide/performance.md
+++ b/website/content/docs/architecture_guide/performance.md
@@ -250,15 +250,9 @@ operations are less of an issue. The above figure shows the total time required
for an `ffmpeg` container to start, load and transcode a 27MB input video.
[ab]: https://en.wikipedia.org/wiki/ApacheBench
-
-[benchmark-tools]: https://gvisor.googlesource.com/benchmark-tools
-
+[benchmark-tools]: https://github.com/google/gvisor/tree/master/benchmarks
[gce]: https://cloud.google.com/compute/
-
[cnn]: https://github.com/aymericdamien/TensorFlow-Examples/blob/master/examples/3_NeuralNetworks/convolutional_network.py
-
[docker]: https://docker.io
-
[redis-benchmark]: https://redis.io/topics/benchmarks
-
[vfs]: https://en.wikipedia.org/wiki/Virtual_file_system
diff --git a/website/content/docs/community/governance.md b/website/content/docs/community/governance.md
deleted file mode 100644
index 31db503ac..000000000
--- a/website/content/docs/community/governance.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-layout: docs
-permalink: /docs/community/governance/
-noedit: true
-category: Project
-display: Governance
-weight: 20
----
-
-{% include GOVERNANCE.md %}
diff --git a/website/content/docs/community/index.md b/website/content/docs/community/index.md
index 8971647d1..f2eb858cc 100755
--- a/website/content/docs/community/index.md
+++ b/website/content/docs/community/index.md
@@ -6,17 +6,15 @@ weight: 20
permalink: /docs/community/
---
-Contributions are accepted through our [GitHub][github] and [Google
-Source][googlesource] repositories. Individual projects have their own
-[contribution process][contributing].
+Contributions are accepted through our [GitHub][github] repositories. See the
+[contribution guide][contributing].
-## Community
+## Governance
-The authoritative document for community resources and organization is the
-[community repository][community], which contains the project's [governance
-model][governance] and [code of conduct][codeofconduct]. Individual repositories
-have their own guidelines and processes for contributing. See the [canonical
-list of repositories][repositories] for more information.
+See the project [governance][governance]. All projects are covered by our [code
+of conduct][codeofconduct].
+
+## Communication channels
The project maintains two mailing lists:
@@ -30,13 +28,10 @@ collaborate.
<iframe src="https://calendar.google.com/calendar/b/1/embed?showTitle=0&amp;height=600&amp;wkst=1&amp;bgcolor=%23FFFFFF&amp;src=bd6f4k210u3ukmlj9b8vl053fk%40group.calendar.google.com&amp;color=%23AB8B00&amp;ctz=America%2FLos_Angeles" style="border-width:0" width="600" height="400" frameborder="0" scrolling="no"></iframe>
-[community]: https://gvisor.googlesource.com/community
[contributing]: https://github.com/google/gvisor/blob/master/CONTRIBUTING.md
[github]: https://github.com/google/gvisor
[gitter-chat]: https://gitter.im/gvisor/community
-[governance]: https://gvisor.googlesource.com/community/+/refs/heads/master/README.md
-[googlesource]: https://gvisor.googlesource.com/
+[governance]: https://github.com/google/gvisor/blob/master/GOVERNANCE.md
[gvisor-dev]: https://groups.google.com/forum/#!forum/gvisor-dev
[gvisor-users]: https://groups.google.com/forum/#!forum/gvisor-users
-[codeofconduct]: https://gvisor.googlesource.com/community/+/refs/heads/master/CODE_OF_CONDUCT.md
-[repositories]: https://gvisor.googlesource.com/?format=HTML
+[codeofconduct]: https://github.com/google/gvisor/blob/master/CODE_OF_CONDUCT.md
diff --git a/website/content/index.md b/website/content/index.md
index 9dab9cbad..f09a7e89e 100755
--- a/website/content/index.md
+++ b/website/content/index.md
@@ -15,6 +15,7 @@ layout: base
<div class="container"> <!-- Full page container. -->
+<!--
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-6">
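Review bot: The row is disabled with an HTML comment (`<!--` here, the closing `-->` in the next hunk), so its markup is still sent in the page source, and any Liquid tags inside it would still be evaluated at build time. Because this page has front matter, wrapping the block in `{% comment %}` and `{% endcomment %}` would keep it out of the output entirely; deleting it and relying on history is the other option. Most of the block's content lies between the two hunks and is not visible here.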
@@ -26,6 +27,7 @@ layout: base
</div>
<div class="col-md-3"></div>
</div>
+-->
<div class="row">
diff --git a/website/content/roadmap.md b/website/content/roadmap.md
index 614172c60..fa12bee4b 100755
--- a/website/content/roadmap.md
+++ b/website/content/roadmap.md
@@ -16,23 +16,22 @@ feature work.
Most gVisor work is focused on four areas.
-* [Performance][performance]: overall sandbox performance, including platform performance, is
- a critical area for investment. This includes, e.g. network performance
- (throughput and latency), file system performance (metadata and actual I/O),
- application switch and fault costs, etc. The goal of gVisor is to provide
- sandboxing without a material performance or efficiency impact on all but the
- most performance-sensitive applications.
-
-* [Compatibility][compatibility]: supporting a wide range of applications requires supporting a
- large system API, including special system files (e.g. proc, sys, dev, etc.).
- The goal of gVisor is to support the broad set of applications that depend on
- a generic Linux API, rather than a specific kernel version (e.g. system
- administration tools, or tools that depend on kernel internals).
-
-* [Infrastructure][infrastructure]: the above performance and compatibility
- goals require aggressive testing and coverage, and continuous improvement.
- This includes adding appropriate system call coverage, end-to-end suites and
- runtime tests.
+* [Performance][performance]: overall sandbox performance, including platform
+ performance, is a critical area for investment. This includes: network
+ performance (throughput and latency), file system performance (metadata and
+ data I/O), application switch and fault costs, etc. The goal of gVisor is to
+ provide sandboxing without a material performance or efficiency impact on all
+ but the most performance-sensitive applications.
+
+* [Compatibility][compatibility]: supporting a wide range of applications
+ requires supporting a large system API, including special system files (e.g.
+ proc, sys, dev, etc.). The goal of gVisor is to support the broad set of
+ applications that depend on a generic Linux API, rather than a specific kernel
+ version.
+
+* [Infrastructure & tooling][infrastructure]: the above goals require aggressive
+ testing and coverage, and well-established processes. This includes adding
+ appropriate system call coverage, end-to-end suites and runtime tests.
* [Integration][integration]: Container infrastructure is evolving rapidly and
becoming more complex, and gVisor must continuously implement relevant and
@@ -52,4 +51,4 @@ are available via the [Installation instructions](/docs/user_guide/install/).
[performance]: https://github.com/google/gvisor/issues?q=is%3Aopen+is%3Aissue+label%3A%22area%3A+performance%22
[integration]: https://github.com/google/gvisor/issues?q=is%3Aopen+is%3Aissue+label%3A%22area%3A+integration%22
[compatibility]: https://github.com/google/gvisor/issues?q=is%3Aopen+is%3Aissue+label%3A%22area%3A+compatibility%22
-[infrastructure]: https://github.com/google/gvisor/issues?q=is%3Aopen+is%3Aissue+label%3A%22area%3A+infrastructure%22
+[infrastructure]: https://github.com/google/gvisor/issues?q=is%3Aopen+is%3Aissue+label%3A%22area%3A+tooling%22
diff --git a/website/content/security.md b/website/content/security.md
deleted file mode 100755
index 49580eab3..000000000
--- a/website/content/security.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-layout: docs
-permalink: /security/
-noedit: true
----
-
-{% include SECURITY.md %}
diff --git a/website/static/performance/README.md b/website/static/performance/README.md
index 93c4f59df..0dbfd2f02 100644
--- a/website/static/performance/README.md
+++ b/website/static/performance/README.md
@@ -6,4 +6,4 @@ This directory holds the CSVs generated by the
In the future, these will be automatically posted to a cloud storage bucket and
loaded dynamically. At that point, this directory will be removed.
-[benchmark-tools]: https://gvisor.googlesource.com/benchmark-tools
+[benchmark-tools]: https://github.com/google/gvisor/tree/master/benchmarks