blob: 22cda44bc786929e38a44dea10eb63968a1c20ee (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
+++
title = "FAQ"
weight = 1000
+++
### What operating systems are supported?
gVisor requires Linux {{< required_linux >}} ([older Linux][old-linux]).
### What CPU architectures are supported?
gVisor currently supports [x86_64/AMD64](https://en.wikipedia.org/wiki/X86-64)
compatible processors.
### Do I need to modify my Linux application to use gVisor?
No. gVisor is capable of running unmodified Linux binaries.
### What binary formats does gVisor support?
gVisor supports Linux
[ELF](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) binaries.
Binaries run in gVisor should be built for the
[AMD64](https://en.wikipedia.org/wiki/X86-64) CPU architecture.
### Can I run Docker images using gVisor.
Yes. Please see the [Docker Quick Start](/docs/user_guide/docker/).
## Troubleshooting
### My container runs fine with `runc` but fails with `runsc`
If you’re having problems running a container with `runsc` it’s most likely due
to a compatibility issue or a missing feature in gVisor. See
[Debugging](../debugging/).
### When I run my container, docker fails with: `open /run/containerd/.../<containerid>/log.json: no such file or directory`
You are using an older version of Linux which doesn't support `memfd_create`.
gVisor requires Linux {{< required_linux >}} ([older Linux][old-linux]).
[comment]: # (TODO[gvisor.dev/issue/268] remove when better error messages are implemented.)
### When I run my container, docker fails with: `flag provided but not defined: -console`
You're using an old version of Docker. See [Docker Quick Start](../docker/).
### I can’t see a file copied with: `docker cp`
For performance reasons, gVisor caches directory contents, and therefore it may
not realize a new file was copied to a given directory. To invalidate the cache
and force a refresh, create a file under the directory in question and list the
contents again.
As a workaround, shared root filesystem can be enabled. See [Filesystem](../filesystem/).
This bug is tracked in [bug #4](https://github.com/google/gvisor/issues/4).
Note that `kubectl cp` works because it does the copy by exec'ing inside the
sandbox, and thus gVisor's internal cache is made aware of the new files and
directories.
### I'm getting an error like: `panic: unable to attach: operation not permitted`
Make sure that permissions and the owner is correct on the `runsc` binary.
```bash
sudo chown root:root /usr/local/bin/runsc
sudo chmod 0755 /usr/local/bin/runsc
```
### What's the security model?
See the [Security Model](../../architecture_guide/security/).
[old-linux]: /docs/user_guide/networking/#gso
|