What operating systems are supported?

gVisor requires Linux 4.14.77+ (older Linux).

What CPU architectures are supported?

gVisor currently supports x86_64/AMD64 compatible processors.

Do I need to modify my Linux application to use gVisor?

No. gVisor is capable of running unmodified Linux binaries.

What binary formats does gVisor support?

gVisor supports Linux ELF binaries. Binaries run in gVisor should be built for the AMD64 CPU architecture.

Can I run Docker images using gVisor.

Yes. Please see the Docker Quick Start.


My container runs fine with runc but fails with runsc

If you’re having problems running a container with runsc it’s most likely due to a compatibility issue or a missing feature in gVisor. See Debugging.

When I run my container, docker fails with: open /run/containerd/.../<containerid>/log.json: no such file or directory

You are using an older version of Linux which doesn’t support memfd_create. gVisor requires Linux 4.14.77+ (older Linux).

When I run my container, docker fails with: flag provided but not defined: -console

You’re using an old version of Docker. See Docker Quick Start.

I can’t see a file copied with: docker cp

For performance reasons, gVisor caches directory contents, and therefore it may not realize a new file was copied to a given directory. To invalidate the cache and force a refresh, create a file under the directory in question and list the contents again.

As a workaround, shared root filesystem can be enabled. See Filesystem.

This bug is tracked in bug #4.

Note that kubectl cp works because it does the copy by exec’ing inside the sandbox, and thus gVisor’s internal cache is made aware of the new files and directories.

I’m getting an error like: panic: unable to attach: operation not permitted

Make sure that permissions and the owner is correct on the runsc binary.

sudo chown root:root /usr/local/bin/runsc
sudo chmod 0755 /usr/local/bin/runsc

What’s the security model?

See the Security Model.