diff options
Diffstat (limited to 'g3doc/user_guide/FAQ.md')
| -rw-r--r-- | g3doc/user_guide/FAQ.md | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/g3doc/user_guide/FAQ.md b/g3doc/user_guide/FAQ.md index 9eb9f4501..89df65e99 100644 --- a/g3doc/user_guide/FAQ.md +++ b/g3doc/user_guide/FAQ.md @@ -63,7 +63,8 @@ not realize a new file was copied to a given directory. To invalidate the cache and force a refresh, create a file under the directory in question and list the contents again. -As a workaround, shared root filesystem can be enabled. See [Filesystem][filesystem]. +As a workaround, shared root filesystem can be enabled. See +[Filesystem][filesystem]. This bug is tracked in [bug #4](https://gvisor.dev/issue/4). @@ -82,13 +83,16 @@ sudo chmod 0755 /usr/local/bin/runsc ### I'm getting an error like `mount submount "/etc/hostname": creating mount with source ".../hostname": input/output error: unknown.` {#memlock} -There is a bug in Linux kernel versions 5.1 to 5.3.15, 5.4.2, and 5.5. Upgrade to a newer kernel or add the following to `/lib/systemd/system/containerd.service` as a workaround. +There is a bug in Linux kernel versions 5.1 to 5.3.15, 5.4.2, and 5.5. Upgrade +to a newer kernel or add the following to +`/lib/systemd/system/containerd.service` as a workaround. ``` LimitMEMLOCK=infinity ``` -And run `systemctl daemon-reload && systemctl restart containerd` to restart containerd. +And run `systemctl daemon-reload && systemctl restart containerd` to restart +containerd. See [issue #1765](https://gvisor.dev/issue/1765) for more details. @@ -97,18 +101,18 @@ See [issue #1765](https://gvisor.dev/issue/1765) for more details. This is normally indicated by errors like `bad address 'container-name'` when trying to communicate to another container in the same network. -Docker user defined bridge uses an embedded DNS server bound to the loopback +Docker user defined bridge uses an embedded DNS server bound to the loopback interface on address 127.0.0.10. This requires access to the host network in -order to communicate to the DNS server. runsc network is isolated from the -host and cannot access the DNS server on the host network without breaking the +order to communicate to the DNS server. runsc network is isolated from the host +and cannot access the DNS server on the host network without breaking the sandbox isolation. There are a few different workarounds you can try: -* Use default bridge network with `--link` to connect containers. Default - bridge doesn't use embedded DNS. -* Use [`--network=host`][host-net] option in runsc, however beware that it will - use the host network stack and is less secure. -* Use IPs instead of container names. -* Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes. +* Use default bridge network with `--link` to connect containers. Default + bridge doesn't use embedded DNS. +* Use [`--network=host`][host-net] option in runsc, however beware that it + will use the host network stack and is less secure. +* Use IPs instead of container names. +* Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes. [security-model]: /docs/architecture_guide/security/ [host-net]: /docs/user_guide/networking/#network-passthrough |