From f24db99498a8a061f3b80e633eaa648984338e58 Mon Sep 17 00:00:00 2001 From: Nicolas Lacasse Date: Fri, 11 May 2018 10:22:15 -0700 Subject: Update README to point to nightly builds. The "install from source" section is moved under "advanced" header, right before the testing section. PiperOrigin-RevId: 196271666 Change-Id: I653ac0a2fa4661c96a0cb3daf3528c2109fed8d7 --- README.md | 70 +++++++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index ab38e1788..8bef83861 100644 --- a/README.md +++ b/README.md @@ -164,40 +164,24 @@ cost of some isolation. These instructions will get you up-and-running sandboxed containers with gVisor and Docker. -### Requirements +Note that gVisor can only run on x86\_64 Linux 3.17+. In addition, gVisor only +supports x86\_64 binaries inside the sandbox (i.e., it cannot run 32-bit +binaries). -gVisor currently can only build and run on x86\_64 Linux 3.17+. In addition, -gVisor only supports x86\_64 binaries inside the sandbox (i.e., it cannot run -32-bit binaries). +### Download a Nightly Build -In addition, the following dependencies must be installed: - -* [git][git] -* [Bazel][bazel] -* [Python][python] -* [Docker version 17.09.0 or greater][docker] -* Gold linker (e.g. `binutils-gold` package on Ubuntu) - -### Getting the source - -Clone the gVisor repo: - -``` -git clone https://gvisor.googlesource.com/gvisor gvisor -cd gvisor -``` - -### Building - -Build and install the `runsc` binary. +The easiest way to get `runsc` is from a the latest nightly build. +[here][runsc-nightly]. **It is important to copy this binary to some place that is accessible to all users**, since `runsc` executes itself as user `nobody` to avoid unnecessary privileges. The `/usr/local/bin` directory is a good choice. + ``` -bazel build runsc -sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin +wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc +chmod +x runsc +sudo mv runsc /usr/local/bin ``` ### Configuring Docker @@ -254,6 +238,39 @@ Pod is coming soon. ## Advanced Usage +### Installing from Source + +gVisor currently requires x86\_64 Linux to build. + +#### Requirements + +Make sure the following dependencies are installed: + +* [git][git] +* [Bazel][bazel] +* [Python][python] +* [Docker version 17.09.0 or greater][docker] +* Gold linker (e.g. `binutils-gold` package on Ubuntu) + +#### Getting the source + +Clone the gVisor repo: + +``` +git clone https://gvisor.googlesource.com/gvisor gvisor +cd gvisor +``` + +### Building + +Build and install the `runsc` binary. + +``` +bazel build runsc +sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin +``` + + ### Testing The gVisor test suite can be run with Bazel: @@ -431,6 +448,7 @@ See [Contributing.md](CONTRIBUTING.md). [netstack]: https://github.com/google/netstack [oci]: https://www.opencontainers.org [python]: https://python.org +[runsc-nightly]: https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc [sandbox]: https://en.wikipedia.org/wiki/Sandbox_(computer_security) [seccomp]: https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt [selinux]: https://selinuxproject.org -- cgit v1.2.3