gVisor runtime monitoring for OCI

[Lars Andringa]

Hi all,

I am looking into implementing gVisor's runtime monitoring (runsc trace) into an application, however I am trying to do it using the OCI method (runsc run) rather than docker. The documentation however only covers docker.

The main issue I am running into is that I need the sandbox ID for the trace command, but I cannot find the sandbox ID of my running process. Every form of lists or descriptions of my containers give me the linux PID of the process, but this obviously doesn't help. How can I find the sandbox ID of my running container using runsc run?

Kind regards,
Lars

[Ayush Ranjan]

The sandbox ID is the container ID in your case. You must be using `runsc create <container-id>` and `runsc run <container-id>`. Just use the container-id for the trace command.

Note that in some cases the sandbox ID might be different from the container ID. This only happens when using subcontainers (when a sandbox is running multiple containers). In that case, the sandbox ID is the first (root) container's ID. And subsequent containers in that sandbox (subcontainers) have a container ID that is different from sandbox ID. But I assume you are not using subcontainers.

You can follow the logic over here to see how the sandbox ID is configured.

--
You received this message because you are subscribed to the Google Groups "gVisor Users [Public]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gvisor-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gvisor-users/86297ad8-d41f-4598-a056-7b48ae5934b0n%40googlegroups.com.

[Fabricio Voznika]

You can also get the list of all sandboxes with: `runsc list --sandbox --root=<root_dir>`

To view this discussion on the web visit https://groups.google.com/d/msgid/gvisor-users/CALqkrRUYAypKoEdFmwLxyVmUjjUZM4D7015PXE8bq0eoMY7M4g%40mail.gmail.com.

[Lars Andringa]

Thank you for both answers. This helped out a ton.