diff options
Diffstat (limited to 'g3doc')
| -rw-r--r-- | g3doc/user_guide/compatibility.md | 75 | ||||
| -rw-r--r-- | g3doc/user_guide/debugging.md | 35 | ||||
| -rw-r--r-- | g3doc/user_guide/install.md | 5 | ||||
| -rw-r--r-- | g3doc/user_guide/networking.md | 2 |
4 files changed, 68 insertions, 49 deletions
diff --git a/g3doc/user_guide/compatibility.md b/g3doc/user_guide/compatibility.md index 9d3e3680f..76e879a01 100644 --- a/g3doc/user_guide/compatibility.md +++ b/g3doc/user_guide/compatibility.md @@ -49,43 +49,44 @@ Most common utilities work. Note that: <!-- mdformat off(don't wrap the table) --> -| Tool | Status | -|:--------:|:-----------------------------------------:| -| apt-get | Working. | -| bundle | Working. | -| cat | Working. | -| curl | Working. | -| dd | Working. | -| df | Working. | -| dig | Working. | -| drill | Working. | -| env | Working. | -| find | Working. | -| gdb | Working. | -| gosu | Working. | -| grep | Working (unless stdin is a pipe and stdout is /dev/null). | -| ifconfig | Works partially, like ip. Full support [in progress](https://gvisor.dev/issue/578). | -| ip | Some subcommands work (e.g. addr, route). Full support [in progress](https://gvisor.dev/issue/578). | -| less | Working. | -| ls | Working. | -| lsof | Working. | -| mount | Works in readonly mode. gVisor doesn't currently support creating new mounts at runtime. | -| nc | Working. | -| nmap | Not working. | -| netstat | [In progress](https://gvisor.dev/issue/2112). | -| nslookup | Working. | -| ping | Working. | -| ps | Working. | -| route | Working. | -| ss | [In progress](https://gvisor.dev/issue/2114). | -| sshd | Partially working. Job control [in progress](https://gvisor.dev/issue/154). | -| strace | Working. | -| tar | Working. | -| tcpdump | [In progress](https://gvisor.dev/issue/173). | -| top | Working. | -| uptime | Working. | -| vim | Working. | -| wget | Working. | +| Tool | Status | +| :--------: | :-----------------------------------------: | +| apt-get | Working. | +| bundle | Working. | +| cat | Working. | +| curl | Working. | +| dd | Working. | +| df | Working. | +| dig | Working. | +| drill | Working. | +| env | Working. | +| find | Working. | +| gcore | Working. | +| gdb | Working. | +| gosu | Working. | +| grep | Working (unless stdin is a pipe and stdout is /dev/null). | +| ifconfig | Works partially, like ip. Full support [in progress](https://gvisor.dev/issue/578). | +| ip | Some subcommands work (e.g. addr, route). Full support [in progress](https://gvisor.dev/issue/578). | +| less | Working. | +| ls | Working. | +| lsof | Working. | +| mount | Works in readonly mode. gVisor doesn't currently support creating new mounts at runtime. | +| nc | Working. | +| nmap | Not working. | +| netstat | [In progress](https://gvisor.dev/issue/2112). | +| nslookup | Working. | +| ping | Working. | +| ps | Working. | +| route | Working. | +| ss | [In progress](https://gvisor.dev/issue/2114). | +| sshd | Partially working. Job control [in progress](https://gvisor.dev/issue/154). | +| strace | Working. | +| tar | Working. | +| tcpdump | Working. [Promiscuous mode in progress](https://gvisor.dev/issue/3333). | +| top | Working. | +| uptime | Working. | +| vim | Working. | +| wget | Working. | <!-- mdformat on --> diff --git a/g3doc/user_guide/debugging.md b/g3doc/user_guide/debugging.md index 54fdce34f..2291b5fab 100644 --- a/g3doc/user_guide/debugging.md +++ b/g3doc/user_guide/debugging.md @@ -61,24 +61,39 @@ You can debug gVisor like any other Golang program. If you're running with Docker, you'll need to find the sandbox PID and attach the debugger as root. Here is an example: +Install a runsc with debug symbols (you can also use the +[nightly release](../install/#nightly)): + ```bash -# Get a runsc with debug symbols (download nightly or build with symbols). -bazel build -c dbg //runsc:runsc +make dev BAZEL_OPTIONS="-c dbg" +``` -# Start the container you want to debug. -docker run --runtime=runsc --rm --name=test -d alpine sleep 1000 +Start the container you want to debug using the runsc runtime with debug +options: -# Find the sandbox PID. -docker inspect test | grep Pid | head -n 1 +```bash +docker run --runtime=$(git branch --show-current)-d --rm --name=test -p 8080:80 -d nginx +``` -# Attach your favorite debugger. -sudo dlv attach <PID> +Find the PID and attach your favorite debugger: + +```bash +sudo dlv attach $(docker inspect test | grep Pid | head -n 1 | grep -oe "[0-9]*") +``` -# Set a breakpoint and resume. -break mm.MemoryManager.MMap +Set a breakpoint for accept: + +```bash +break gvisor.dev/gvisor/pkg/sentry/socket/netstack.(*SocketOperations).Accept continue ``` +In a different window connect to nginx to trigger the breakpoint: + +```bash +curl http://localhost:8080/ +``` + ## Profiling `runsc` integrates with Go profiling tools and gives you easy commands to diff --git a/g3doc/user_guide/install.md b/g3doc/user_guide/install.md index 321f13ce8..85ba6a161 100644 --- a/g3doc/user_guide/install.md +++ b/g3doc/user_guide/install.md @@ -55,7 +55,10 @@ sudo apt-get install -y \ software-properties-common ``` -Next, the configure the key used to sign archives and the repository: +Next, configure the key used to sign archives and the repository. + +NOTE: The key was updated on 2021-07-13 to replace the expired key. If you get +errors about the key being expired, run the `apt-key add` command below again. ```bash curl -fsSL https://gvisor.dev/archive.key | sudo apt-key add - diff --git a/g3doc/user_guide/networking.md b/g3doc/user_guide/networking.md index 95f675633..75f01aac5 100644 --- a/g3doc/user_guide/networking.md +++ b/g3doc/user_guide/networking.md @@ -61,7 +61,7 @@ Add the following `runtimeArgs` to your Docker configuration ### Disable GSO {#gso} -If your Linux is older than 4.14.17, you can disable Generic Segmentation +If your Linux is older than 4.14.77, you can disable Generic Segmentation Offload (GSO) to run with a kernel that is newer than 3.17. Add the `--gso=false` flag to your Docker runtime configuration (`/etc/docker/daemon.json`) and restart the Docker daemon: |