Bazel 国内镜像源加速下载:
https://mirrors.huaweicloud.com/bazel/
root@cloud:/gvisor# bazel version Build label: 3.7.1 Build target: bazel-out/aarch64-opt/bin/src/main/java/com/google/devtools/build/lib/bazel/BazelServer_deploy.jar Build time: Tue Nov 24 18:28:32 2020 (1606242512) Build timestamp: 1606242512 Build timestamp as int: 1606242512 root@cloud:/gvisor# uname -a Linux cloud 5.5.19-050519-generic #202004210831 SMP Tue Apr 21 08:49:56 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux root@cloud:/gvisor# bazel build runsc
直接运行bazel build runsc,不需要golang环境
# cd gvisor # bazel clean # rm -rf /root/.cache/bazel/_bazel_root # make runsc
bazel build runsc
root@cloud:/gvisor# bazel clean INFO: Starting clean (this may take a while). Consider using --async if the clean takes more than several minutes. root@cloud:/gvisor# bazel build runsc DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/version_check.bzl:68:14: Current running Bazel is ahead of bazel-toolchains repo. Please update your pin to bazel-toolchains repo in your WORKSPACE file. DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/checked_in.bzl:125:14: rbe_default not using checked in configs; Bazel version 3.7.2 was picked/selected but no checked in config was found in map {"0.20.0": ["8.0.0"], "0.21.0": ["8.0.0"], "0.22.0": ["8.0.0", "9.0.0"], "0.23.0": ["8.0.0", "9.0.0"], "0.23.1": ["8.0.0", "9.0.0"], "0.23.2": ["9.0.0"], "0.24.0": ["9.0.0"], "0.24.1": ["9.0.0"], "0.25.0": ["9.0.0"], "0.25.1": ["9.0.0"], "0.25.2": ["9.0.0"], "0.26.0": ["9.0.0"], "0.26.1": ["9.0.0"], "0.27.0": ["9.0.0"], "0.27.1": ["9.0.0"], "0.28.0": ["9.0.0"], "0.28.1": ["9.0.0"], "0.29.0": ["9.0.0"], "0.29.1": ["9.0.0", "10.0.0"], "1.0.0": ["9.0.0", "10.0.0"], "1.0.1": ["10.0.0"], "1.1.0": ["10.0.0"], "1.2.0": ["10.0.0"], "1.2.1": ["10.0.0"], "2.0.0": ["10.0.0"], "2.1.0": ["10.0.0"], "2.1.1": ["10.0.0", "11.0.0"], "2.2.0": ["11.0.0"], "3.0.0": ["11.0.0"], "3.1.0": ["11.0.0"]} INFO: Analyzed target //runsc:runsc (329 packages loaded, 11593 targets configured). INFO: Found 1 target... ERROR: /gvisor/runsc/cmd/BUILD:5:11: GoCompilePkg runsc/cmd/cmd.a failed (Exit 1): builder failed: error executing command bazel-out/host/bin/external/go_sdk/builder compilepkg -sdk external/go_sdk -installsuffix linux_arm64 -src runsc/cmd/boot.go -src runsc/cmd/capability.go -src runsc/cmd/checkpoint.go -src ... (remaining 119 argument(s) skipped) Use --sandbox_debug to see verbose messages from the sandbox builder failed: error executing command bazel-out/host/bin/external/go_sdk/builder compilepkg -sdk external/go_sdk -installsuffix linux_arm64 -src runsc/cmd/boot.go -src runsc/cmd/capability.go -src runsc/cmd/checkpoint.go -src ... (remaining 119 argument(s) skipped) Use --sandbox_debug to see verbose messages from the sandbox compilepkg: missing strict dependencies: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/boot.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/checkpoint.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/create.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/debug.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/delete.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/do.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/error.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/events.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/exec.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/gofer.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/help.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/install.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/kill.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/list.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/pause.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/ps.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/restore.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/resume.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/run.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/spec.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/start.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/state.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/statefile.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/symbolize.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/syscalls.go: import of "github.com/google/subcommands" /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/3229/execroot/__main__/runsc/cmd/wait.go: import of "github.com/google/subcommands" No dependencies were provided. Check that imports in Go sources match importpath attributes in deps. Target //runsc:runsc failed to build Use --verbose_failures to see the command lines of failed build steps. INFO: Elapsed time: 60.049s, Critical Path: 39.51s INFO: 1650 processes: 37 internal, 1613 linux-sandbox. FAILED: Build did NOT complete successfully root@cloud:/gvisor# ls /root/.cache/bazel/_bazel_root/ 5c091e64dca9ad5afc61f8dabe991a85 cache install root@cloud:/gvisor# bazel --sandbox_debug [FATAL 11:27:56.261 src/main/cpp/blaze.cc:1293] Unknown startup option: '--sandbox_debug'. For more info, run 'bazel help startup_options'.
root@cloud:/gvisor# bazel [bazel release 3.7.2] Usage: bazel <command> <options> ... Available commands: analyze-profile Analyzes build profile data. aquery Analyzes the given targets and queries the action graph. build Builds the specified targets. canonicalize-flags Canonicalizes a list of bazel options. clean Removes output files and optionally stops the server. coverage Generates code coverage report for specified test targets. cquery Loads, analyzes, and queries the specified targets w/ configurations. dump Dumps the internal state of the bazel server process. fetch Fetches external repositories that are prerequisites to the targets. help Prints help for commands, or the index. info Displays runtime info about the bazel server. license Prints the license of this software. mobile-install Installs targets to mobile devices. print_action Prints the command line args for compiling a file. query Executes a dependency graph query. run Runs the specified target. shutdown Stops the bazel server. sync Syncs all repositories specified in the workspace file test Builds and runs the specified test targets. version Prints version information for bazel. Getting more help: bazel help <command> Prints help and options for <command>. bazel help startup_options Options for the JVM hosting bazel. bazel help target-syntax Explains the syntax for specifying targets. bazel help info-keys Displays a list of keys used by the info command. root@cloud:/gvisor# bazel version Build label: 3.7.2 Build target: bazel-out/aarch64-opt/bin/src/main/java/com/google/devtools/build/lib/bazel/BazelServer_deploy.jar Build time: Thu Dec 17 17:01:12 2020 (1608224472) Build timestamp: 1608224472 Build timestamp as int: 1608224472 root@cloud:/gvisor#
root@cloud:/gvisor# ls /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/ ls: cannot access '/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/': No such file or directory root@cloud:/gvisor# ls /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/ ls: cannot access '/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/': No such file or directory root@cloud:/gvisor# ls /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/ ls: cannot access '/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/': No such file or directory root@cloud:/gvisor# ls /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85 action_cache bazel-workers command.log command.profile.gz DO_NOT_BUILD_HERE execroot external install java.log java.log.cloud.root.log.java.20210108-113222.543576 javalog.properties lock README server root@cloud:/gvisor#
root@cloud:/gvisor# git fetch --all Fetching origin remote: Enumerating objects: 431, done. remote: Counting objects: 100% (431/431), done. remote: Compressing objects: 100% (44/44), done. remote: Total 494 (delta 396), reused 417 (delta 386), pack-reused 63 Receiving objects: 100% (494/494), 86.63 KiB | 34.00 KiB/s, done. Resolving deltas: 100% (397/397), completed with 266 local objects. From https://github.com/google/gvisor a20da7082..e74aa25e2 master -> origin/master 1ea6658d2..43ca8a82c go -> origin/go + 2d5ef5235...bf35d7304 test/cl344879562 -> origin/test/cl344879562 (forced update) + 39e12b533...fee5d2cdc test/cl347771969 -> origin/test/cl347771969 (forced update) + b0d2ba55c...997c55550 test/cl350844518 -> origin/test/cl350844518 (forced update) + 7573892aa...0b255067a test/cl350862614 -> origin/test/cl350862614 (forced update) + 08ebd4d99...4950c8eef test/cl351261565 -> origin/test/cl351261565 (forced update) * [new branch] test/cl351393647 -> origin/test/cl351393647 * [new branch] test/cl351424216 -> origin/test/cl351424216 * [new branch] test/cl351428246 -> origin/test/cl351428246 * [new branch] test/cl351436580 -> origin/test/cl351436580 * [new branch] test/cl351468163 -> origin/test/cl351468163 * [new branch] test/cl351476479 -> origin/test/cl351476479 * [new branch] test/cl351508241 -> origin/test/cl351508241 root@cloud:/gvisor# bazel clean --expunge Starting local Bazel server and connecting to it... INFO: Starting clean (this may take a while). Consider using --async if the clean takes more than several minutes. root@cloud:/gvisor# bazel build //runsc Starting local Bazel server and connecting to it...
root@cloud:/# git clone https://github.com/google/gvisor.git Cloning into 'gvisor'... remote: Enumerating objects: 49, done. remote: Counting objects: 100% (49/49), done. remote: Compressing objects: 100% (39/39), done. error: RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function. fatal: The remote end hung up unexpectedly fatal: early EOF fatal: index-pack failed root@cloud:/# git clone https://github.com/google/gvisor.git Cloning into 'gvisor'... remote: Enumerating objects: 54, done. remote: Counting objects: 100% (54/54), done. remote: Compressing objects: 100% (40/40), done. remote: Total 98067 (delta 16), reused 33 (delta 13), pack-reused 98013 Receiving objects: 100% (98067/98067), 62.01 MiB | 77.00 KiB/s, done. Resolving deltas: 100% (73361/73361), done. root@cloud:/# ls bin boot data1 dev dune-common etc gvisor home lib lost+found media mnt mycontainer nsexec opt proc root run sbin snap srv swapfile sys tmp usr var root@cloud:/# rm -rf /root/.cache/bazel/* root@cloud:/# bazel build runsc Extracting Bazel installation... ERROR: The 'build' command is only supported from within a workspace (below a directory having a WORKSPACE file). See documentation at https://docs.bazel.build/versions/master/build-ref.html#workspace root@cloud:/# cd gvisor/ root@cloud:/gvisor# bazel build runsc Starting local Bazel server and connecting to it... DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/version_check.bzl:68:14: Current running Bazel is ahead of bazel-toolchains repo. Please update your pin to bazel-toolchains repo in your WORKSPACE file. DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/checked_in.bzl:125:14: rbe_default not using checked in configs; Bazel version 3.7.1 was picked/selected but no checked in config was found in map {"0.20.0": ["8.0.0"], "0.21.0": ["8.0.0"], "0.22.0": ["8.0.0", "9.0.0"], "0.23.0": ["8.0.0", "9.0.0"], "0.23.1": ["8.0.0", "9.0.0"], "0.23.2": ["9.0.0"], "0.24.0": ["9.0.0"], "0.24.1": ["9.0.0"], "0.25.0": ["9.0.0"], "0.25.1": ["9.0.0"], "0.25.2": ["9.0.0"], "0.26.0": ["9.0.0"], "0.26.1": ["9.0.0"], "0.27.0": ["9.0.0"], "0.27.1": ["9.0.0"], "0.28.0": ["9.0.0"], "0.28.1": ["9.0.0"], "0.29.0": ["9.0.0"], "0.29.1": ["9.0.0", "10.0.0"], "1.0.0": ["9.0.0", "10.0.0"], "1.0.1": ["10.0.0"], "1.1.0": ["10.0.0"], "1.2.0": ["10.0.0"], "1.2.1": ["10.0.0"], "2.0.0": ["10.0.0"], "2.1.0": ["10.0.0"], "2.1.1": ["10.0.0", "11.0.0"], "2.2.0": ["11.0.0"], "3.0.0": ["11.0.0"], "3.1.0": ["11.0.0"]} INFO: Repository com_github_grpc_grpc instantiated at: /gvisor/WORKSPACE:156:13: in <toplevel> Repository rule http_archive defined at: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_tools/tools/build_defs/repo/http.bzl:336:31: in <toplevel> WARNING: Download from https://github.com/grpc/grpc/archive/v1.26.0.tar.gz failed: class java.io.IOException Tried to reconnect at offset 644,795 but server didn't support it ERROR: An error occurred during the fetch of repository 'com_github_grpc_grpc': Traceback (most recent call last): File "/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_tools/tools/build_defs/repo/http.bzl", line 111, column 45, in _http_archive_impl download_info = ctx.download_and_extract( Error in download_and_extract: java.io.IOException: Error downloading [https://github.com/grpc/grpc/archive/v1.26.0.tar.gz] to /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/com_github_grpc_grpc/temp11301970111942918486/v1.26.0.tar.gz: Tried to reconnect at offset 644,795 but server didn't support it ERROR: no such package '@com_github_grpc_grpc//bazel': java.io.IOException: Error downloading [https://github.com/grpc/grpc/archive/v1.26.0.tar.gz] to /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/com_github_grpc_grpc/temp11301970111942918486/v1.26.0.tar.gz: Tried to reconnect at offset 644,795 but server didn't support it INFO: Elapsed time: 102.915s INFO: 0 processes. FAILED: Build did NOT complete successfully (0 packages loaded)
不要rm,重新来一遍 root@cloud:/gvisor# bazel build runsc DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/version_check.bzl:68:14: Current running Bazel is ahead of bazel-toolchains repo. Please update your pin to bazel-toolchains repo in your WORKSPACE file. DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/checked_in.bzl:125:14: rbe_default not using checked in configs; Bazel version 3.7.1 was picked/selected but no checked in config was found in map {"0.20.0": ["8.0.0"], "0.21.0": ["8.0.0"], "0.22.0": ["8.0.0", "9.0.0"], "0.23.0": ["8.0.0", "9.0.0"], "0.23.1": ["8.0.0", "9.0.0"], "0.23.2": ["9.0.0"], "0.24.0": ["9.0.0"], "0.24.1": ["9.0.0"], "0.25.0": ["9.0.0"], "0.25.1": ["9.0.0"], "0.25.2": ["9.0.0"], "0.26.0": ["9.0.0"], "0.26.1": ["9.0.0"], "0.27.0": ["9.0.0"], "0.27.1": ["9.0.0"], "0.28.0": ["9.0.0"], "0.28.1": ["9.0.0"], "0.29.0": ["9.0.0"], "0.29.1": ["9.0.0", "10.0.0"], "1.0.0": ["9.0.0", "10.0.0"], "1.0.1": ["10.0.0"], "1.1.0": ["10.0.0"], "1.2.0": ["10.0.0"], "1.2.1": ["10.0.0"], "2.0.0": ["10.0.0"], "2.1.0": ["10.0.0"], "2.1.1": ["10.0.0", "11.0.0"], "2.2.0": ["11.0.0"], "3.0.0": ["11.0.0"], "3.1.0": ["11.0.0"]} INFO: Analyzed target //runsc:runsc (336 packages loaded, 11640 targets configured). INFO: Found 1 target... Target //runsc:runsc up-to-date: bazel-out/aarch64-fastbuild-ST-4c64f0b3d5c7/bin/runsc/runsc_/runsc INFO: Elapsed time: 252.029s, Critical Path: 52.37s INFO: 1665 processes: 36 internal, 1629 linux-sandbox. INFO: Build completed successfully, 1665 total actions
bazel-out/aarch64-fastbuild-ST-4c64f0b3d5c7/bin/runsc/runsc_/runsc -h Usage: runsc <flags> <subcommand> <subcommand args> Subcommands: checkpoint checkpoint current state of container (experimental) create create a secure container delete delete resources held by a container do Simplistic way to execute a command inside the sandbox. It's to be used for testing only. events display container events such as OOM notifications, cpu, memory, and IO usage statistics exec execute new process inside the container flags describe all known top-level flags gofer launch a gofer process that serves files over 9P protocol (internal use only) help Print help documentation. kill sends a signal to the container list list containers started by runsc with the given root pause pause suspends all processes in a container ps ps displays the processes running inside a container restore restore a saved state of container (experimental) resume Resume unpauses a paused container run create and run a secure container spec create a new OCI bundle specification file start start a secure container state get the state of a container symbolize Convert synthetic instruction pointers from kcov into positions in the runsc source code. Only used when Go coverage is enabled. wait wait on a process inside a container Subcommands for helpers: install adds a runtime to docker daemon configuration uninstall removes a runtime from docker daemon configuration Subcommands for internal use only: boot launch a sandbox process (internal use only) debug shows a variety of debug information gofer launch a gofer process that serves files over 9P protocol (internal use only) state shows information about a statefile Use "runsc flags" for a list of top-level flags
root@cloud:/gvisor# cp bazel-out/aarch64-fastbuild-ST-4c64f0b3d5c7/bin/runsc/runsc_/runsc /usr/local/bin root@cloud:/gvisor# docker run --runtime=runsc -it ubuntu /bin/bash docker: Error response from daemon: Unknown runtime specified runsc. See 'docker run --help'. root@cloud:/gvisor#
root@cloud:/etc/systemd/system# cat /etc/systemd/system/docker.service.d/kata-containers.conf [Service] Environment="" Environment="" ExecStart= #ExecStart=/usr/bin/dockerd #ExecStart=/usr/bin/dockerd -D --default-runtime runc --add-runtime kata-runtime=/usr/local/bin/kata-runtime --default-runtime=runc --storage-driver=overlay2 ExecStart=/usr/bin/dockerd -D --default-runtime runc --add-runtime runsc=/usr/local/bin/runsc --default-runtime=runc --storage-driver=overlay2
systemctl daemon-reload
systemctl restart docker
root@cloud:/gvisor# docker run --runtime=runsc -it ubuntu /bin/bash root@1e2afa149853:/# ip a bash: ip: command not found root@1e2afa149853:/# ls bin boot dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var root@1e2afa149853:/#
gvisor runtime components
docker run --runtime=runsc -it ubuntu /bin/bash
ps -aux | grep runsc
Will show 4 processes.
wenbo docker run --runtime=runsc -it ubuntu /bin/bash
root docker-containerd-shim -namespace moby ...... -containerd-binary ......
root /usr/local/bin/runsc ...... gofer ......
nobody /runsc ... boot ...
This figure is from the presentation of Dawn Chen and Zhengyu He.
docker run --runtime=runsc -it ubuntu /bin/bashis Application process, UID wenbo/usr/local/bin/runsc ...... gofer ......is Gofer process, UID root/runsc ... boot ...is Sentry, UID nobody. KVM will forward the syscall requests from Application process to this process, which runs the syscall handlers, therefore, it can be regarded as the “kernel process”.
Sentry
root@cloud:~/onlyGvisor/gvisor# cat /proc/898157/maps 00010000-00995000 r-xp 00000000 08:22 3426031 /usr/local/bin/runsc 009a0000-014cf000 r--p 00990000 08:22 3426031 /usr/local/bin/runsc 014d0000-01501000 rw-p 014c0000 08:22 3426031 /usr/local/bin/runsc 01501000-0153a000 rw-p 00000000 00:00 0 4000000000-4004000000 rw-p 00000000 00:00 0 ffff28898000-ffff288d8000 rw-p 00000000 00:00 0 ffff28a58000-ffff28ad8000 rw-p 00000000 00:00 0 ffff28ad8000-ffff28cd8000 r--s 00000000 08:22 5253376 /root/usr/lib/aarch64-linux-gnu/libnss_files-2.31.so ffff28cd8000-ffff28da8000 rw-p 00000000 00:00 0 ffff28da8000-ffff28fa8000 r--s 00000000 08:22 5253313 /root/usr/lib/aarch64-linux-gnu/libc-2.31.so ffff28fa8000-ffff291a8000 r--s 00000000 08:22 5253324 /root/usr/lib/aarch64-linux-gnu/libdl-2.31.so ffff291a8000-ffff293a8000 r--s 00000000 08:22 5253431 /root/usr/lib/aarch64-linux-gnu/libtinfo.so.6.2 ffff293a8000-ffff295a8000 r--s 00000000 08:22 5253291 /root/usr/lib/aarch64-linux-gnu/ld-2.31.so ffff295a8000-ffff297a8000 r--s 00000000 08:22 5252743 /root/usr/bin/bash ffff297a8000-ffff298a9000 rw-s 00303000 00:01 8830122 /memfd:flipcall_packet_windows (deleted) ffff298a9000-ffff299aa000 rw-s 00202000 00:01 8830122 /memfd:flipcall_packet_windows (deleted) ffff299aa000-ffff29aab000 rw-s 00101000 00:01 8830122 /memfd:flipcall_packet_windows (deleted) ffff29aab000-ffff29bac000 rw-s 00000000 00:01 8830122 /memfd:flipcall_packet_windows (deleted) ffff29bac000-ffff29cad000 rw-s 00303000 00:01 8807919 /memfd:flipcall_packet_windows (deleted) ffff29cad000-ffff29dae000 rw-s 00202000 00:01 8807919 /memfd:flipcall_packet_windows (deleted) ffff29dae000-ffff29eaf000 rw-s 00101000 00:01 8807919 /memfd:flipcall_packet_windows (deleted) ffff29eaf000-ffff29fb0000 rw-s 00000000 00:01 8807919 /memfd:flipcall_packet_windows (deleted) ffff29fb0000-ffff29ff0000 rw-p 00000000 00:00 0 ffff29ff0000-ffff2a0f1000 rw-s 00303000 00:01 8800470 /memfd:flipcall_packet_windows (deleted) ffff2a0f1000-ffff2a1f2000 rw-s 00202000 00:01 8800470 /memfd:flipcall_packet_windows (deleted) ffff2a1f2000-ffff2a2f3000 rw-s 00101000 00:01 8800470 /memfd:flipcall_packet_windows (deleted) ffff2a2f3000-ffff2a3f4000 rw-s 00000000 00:01 8800470 /memfd:flipcall_packet_windows (deleted) ffff2a3f4000-ffff2a4f5000 rw-s 00303000 00:01 8837550 /memfd:flipcall_packet_windows (deleted) ffff2a4f5000-ffff2a5f6000 rw-s 00202000 00:01 8837550 /memfd:flipcall_packet_windows (deleted) ffff2a5f6000-ffff2a6f7000 rw-s 00101000 00:01 8837550 /memfd:flipcall_packet_windows (deleted) ffff2a6f7000-ffff2a7f8000 rw-s 00000000 00:01 8837550 /memfd:flipcall_packet_windows (deleted) ffff2a7f8000-ffff2a988000 rw-p 00000000 00:00 0 ffff2a988000-ffff6a988000 rw-s 00000000 00:01 8537676 /memfd:runsc-memory (deleted) ffff6a988000-ffff6a9c8000 rw-p 00000000 00:00 0 ffff6a9c8000-ffff6a9c9000 rw-s 00000000 00:01 8797507 /memfd:memory-usage (deleted) ffff6a9c9000-ffff6ceda000 rw-p 00000000 00:00 0 ffff6ceda000-ffff6cf5a000 ---p 00000000 00:00 0 ffff6cf5a000-ffff6cf5b000 rw-p 00000000 00:00 0 ffff6cf5b000-ffff8ceea000 ---p 00000000 00:00 0 ffff8ceea000-ffff8ceeb000 rw-p 00000000 00:00 0 ffff8ceeb000-ffff90edc000 ---p 00000000 00:00 0 ffff90edc000-ffff90edd000 rw-p 00000000 00:00 0 ffff90edd000-ffff916da000 ---p 00000000 00:00 0 ffff916da000-ffff916db000 rw-p 00000000 00:00 0 ffff916db000-ffff917da000 ---p 00000000 00:00 0 ffff917da000-ffff9183a000 rw-p 00000000 00:00 0 ffff9183a000-ffff9183b000 r--p 00000000 00:00 0 [vvar] ffff9183b000-ffff9183c000 r-xp 00000000 00:00 0 [vdso] fffff6da7000-fffff6dc8000 rw-p 00000000 00:00 0 [stack] ffffffff0000-ffffffff1000 r-xp 00000000 00:00 0
kvm
root@cloud:/gvisor# cd /etc/systemd/system/docker.service.d/ root@cloud:/etc/systemd/system/docker.service.d# ls kata-containers.conf root@cloud:/etc/systemd/system/docker.service.d# mv kata-containers.conf kata-containers.conf.bak root@cloud:/etc/systemd/system/docker.service.d# ls kata-containers.conf.bak root@cloud:/etc/systemd/system/docker.service.d# cat /etc/docker/daemon.json cat: /etc/docker/daemon.json: No such file or directory root@cloud:/etc/systemd/system/docker.service.d# ls /etc/docker/ key.json root@cloud:/etc/systemd/system/docker.service.d# ls /etc/docker/key.json /etc/docker/key.json root@cloud:/etc/systemd/system/docker.service.d# cd /etc/docker/ root@cloud:/etc/docker# ls key.json root@cloud:/etc/docker# rm key.json -rf root@cloud:/etc/docker# rz -be rz waiting to receive. zmodem trl+C ȡ 100% 355 bytes 355 bytes/s 00:00:01 0 Errors root@cloud:/etc/docker# systemctl daemon-reload root@cloud:/etc/docker# systemctl restart docker root@cloud:/etc/docker# cat daemon.json { "runtimes": { "runsc-ptrace": { "path": "/usr/local/bin/runsc", "runtimeArgs": [ "--platform=ptrace" ] }, "runsc-kvm": { "path": "/usr/local/bin/runsc", "runtimeArgs": [ "--platform=kvm" ] } } }root@cloud:/etc/docker#
root@cloud:/gvisor# docker run --runtime=runsc-kvm --rm --name=test -d alpine sleep 1000 e910cbadcdee750b323188a7ca1d6252b4e0fd658bb196d15fc221cb35229edc root@cloud:/gvisor#
1908 runsc --debug --debug-log=/tmp/runsc/ run mybusy 1909 runsc --strace --debug-log=/tmp/runsc/ run mybusy
{ "runtimes": { "runsc": { "path": "/usr/local/bin/runsc", "runtimeArgs": [ "--debug-log=/tmp/runsc/", "--debug", "--strace" ] } } }
cat /etc/docker/daemon.json { "runtimes": { "runsc-ptrace": { "path": "/usr/local/bin/runsc", "runtimeArgs": [ "--platform=ptrace" ] }, "runsc-kvm": { "path": "/usr/local/bin/runsc", "runtimeArgs": [ "--debug-log=/tmp/runsc/", "--debug", "--strace", "--platform=kvm" ] } } }
runsc --overlay run alpinec1