blob: ef50c01470373c93d941fabb9e3a6119c3307ce7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
# Applications
[TOC]
gVisor implements a large portion of the Linux surface and while we strive to
make it broadly compatible, there are (and always will be) unimplemented
features and bugs. The only real way to know if it will work is to try. If you
find a container that doesn’t work and there is no known issue, please
[file a bug][bug] indicating the full command you used to run the image. You can
view open issues related to compatibility [here][issues].
If you're able to provide the [debug logs](../debugging/), the problem likely to
be fixed much faster.
## What works?
The following applications/images have been tested:
* elasticsearch
* golang
* httpd
* java8
* jenkins
* mariadb
* memcached
* mongo
* mysql
* nginx
* node
* php
* postgres
* prometheus
* python
* redis
* registry
* tomcat
* wordpress
## Utilities
Most common utilities work. Note that:
* Some tools, such as `tcpdump` and old versions of `ping`, require explicitly
enabling raw sockets via the unsafe `--net-raw` runsc flag.
* In case of tcpdump the following invocations will work
* tcpdump -i any
* tcpdump -i \<device-name\> -p (-p disables promiscuous mode)
* Different Docker images can behave differently. For example, Alpine Linux
and Ubuntu have different `ip` binaries.
Specific tools include:
<!-- mdformat off(don't wrap the table) -->
| Tool | Status |
| :--------: | :-----------------------------------------: |
| apt-get | Working. |
| bundle | Working. |
| cat | Working. |
| curl | Working. |
| dd | Working. |
| df | Working. |
| dig | Working. |
| drill | Working. |
| env | Working. |
| find | Working. |
| gcore | Working. |
| gdb | Working. |
| gosu | Working. |
| grep | Working (unless stdin is a pipe and stdout is /dev/null). |
| ifconfig | Works partially, like ip. Full support [in progress](https://gvisor.dev/issue/578). |
| ip | Some subcommands work (e.g. addr, route). Full support [in progress](https://gvisor.dev/issue/578). |
| less | Working. |
| ls | Working. |
| lsof | Working. |
| mount | Works in readonly mode. gVisor doesn't currently support creating new mounts at runtime. |
| nc | Working. |
| nmap | Not working. |
| netstat | [In progress](https://gvisor.dev/issue/2112). |
| nslookup | Working. |
| ping | Working. |
| ps | Working. |
| route | Working. |
| ss | [In progress](https://gvisor.dev/issue/2114). |
| sshd | Partially working. Job control [in progress](https://gvisor.dev/issue/154). |
| strace | Working. |
| tar | Working. |
| tcpdump | Working [only with libpcap versions < 1.10](https://github.com/google/gvisor/issues/6699), [Promiscuous mode in progress](https://gvisor.dev/issue/3333). |
| top | Working. |
| uptime | Working. |
| vim | Working. |
| wget | Working. |
<!-- mdformat on -->
[bug]: https://github.com/google/gvisor/issues/new?title=Compatibility%20Issue:
[issues]: https://github.com/google/gvisor/issues?q=is%3Aissue+is%3Aopen+label%3A%22area%3A+compatibility%22
|