gVisor Users [Public]

Dear experts, Seems that gvisor assumes 4k page size. How to run it on an arm 64k page size machine?

I created a pod with runsc, in the pod.yaml file, a volume was mounted using CSI. The backend

Hey Zoey, None of the flags you mentioned are part of open-source runsc. So I can't set those.

Hi Chenwei, I think that sentence may be misleading. checkpoint/restore is supported on ARM64, we

> One thing I'm still unclear about: Docker supports checkpointing with `runsc` as a runtime,

The image you are using (dockurr/windows) runs Windows inside a virtual machine inside a container (

> if the sandboxee (untrusted application) calls the mount syscall, given by CAP_SYS_ADMIN, the

Hi, gVisor does not support AMD GPUs as of right now. On Sun, Apr 20, 2025 at 11:11 AM Alexander <

Ok, that's cool, thanks for the answer, but could you provide some examples or just give me link

I believe the format is --uid-map="1000 1000 1". See https://github.com/google/gvisor/blob/

Makes sense, thanks! +For the user group archaeologist of the future, this was on Ubuntu 22.04 itself

Check conversation here for more info: https://github.com/google/gvisor/issues/11388 Thanks a lot

This appears to be a duplicate of this thread, let's keep discussion there. I am linking it so

Given that this was also reported as an issue on GitHub here, let's keep the discussion on the

Thanks, I can work with that ; we'll use the latest tag, that should do. Our gvisor setup in CI

I would try to follow roughly the same pattern as `stack.SetTransportProtocolHandler(...)`. So

If you don't use runsc wait --checkpoint <num> you can stop reading now. Commit fb730ff

Hi David, Yes, checkpoint/restore is currently not possible with runsc across hosts with different

> Won't this cause the number of endpoints in the stack to grow unbounded over time? Largely

Forgot to mention that you'd also need to add MAP_SHARED|MAP_FIXED_NOREPLACE to syscall filters:

So you want: [ sandboxed app ] <--> [ httptap proxy ] <--> [ some other endpoint ] All

Thank you. Is the list you sent platforms that gVisor runs on top of? My main concern was the

Hi Justin, There is not an upcoming scheduled community meeting. We tend to schedule those as needed

I believe this was figured out on GitHub. On Mon, Oct 14, 2024 at 12:10 PM 'Kevin Krakauer'

Can you be more specific as to which type of tracing you are referring to? It's a highly

In collaboration with the Freedom of the Press Foundation, gVisor is now integrated in Dangerzone,

Thanks for all this information. > The idea was to provide a runsc command which can output a

Hi Kevin, Thanks for a quick reply. I am probably looking in the wrong place. I am using netstack

You may have full read permission, but do you also have execute (+x) permission on `/bin/echo`? If

Not really; `runsc usage` is the API that `runsc` offers to read this data from the host, similar to