OCI Quick Start
This guide will quickly get you started running your first gVisor sandbox container using the runtime directly with the default platform.
Note: gVisor supports only x86_64 and requires Linux 4.14.77+ (older Linux).
Older builds can also be found here:
With corresponding SHA512 checksums here:
It is important to copy this binary to a location that is accessible to all users, and ensure it is executable by all users, since runsc executes itself as user nobody to avoid unnecessary privileges. The /usr/local/bin directory is a good place to put the binary.
(
    set -e
    wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc
    wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc.sha512
    sha512sum -c runsc.sha512
    chmod a+x runsc
    sudo mv runsc /usr/local/bin
    sudo chown root:root /usr/local/bin/runsc
)
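A post-install check for the steps above, as an added example that is not part of the gVisor documentation: it confirms that the installed file still matches the published SHA512 digest, is owned by root:root, and is executable by all users. The function name check_runsc, its return codes, and the extra check that the file is not writable by group or others are assumptions of this example; it relies on GNU stat and sha512sum.

```shell
#!/bin/sh
# Added example (not gVisor's own code): verify an installed runsc binary.
# Usage: check_runsc /usr/local/bin/runsc runsc.sha512 [OWNER]
# Returns: 0 ok, 1 missing file, 2 checksum mismatch, 3 wrong owner,
#          4 writable by group/other, 5 not executable by all users.
check_runsc() {
    bin=$1
    sumfile=$2
    want_owner=${3:-root:root}   # default matches the chown in the install steps

    [ -f "$bin" ] && [ -f "$sumfile" ] || { echo "missing file" >&2; return 1; }

    # "sha512sum -c" only checks the copy in the download directory, so compare
    # the published digest (first field of the .sha512 file) with the digest of
    # the file at its installed path.
    want=$(awk 'NR==1 {print $1}' "$sumfile")
    got=$(sha512sum "$bin" | awk '{print $1}')
    [ -n "$want" ] && [ "$want" = "$got" ] || {
        echo "checksum mismatch: $bin" >&2; return 2; }

    owner=$(stat -c '%U:%G' "$bin")
    [ "$owner" = "$want_owner" ] || {
        echo "owner is $owner, want $want_owner" >&2; return 3; }

    # stat prints the mode in octal (e.g. 755); the leading 0 makes the shell
    # parse it as an octal constant.
    mode=$(stat -c '%a' "$bin")
    perm=$((0$mode))
    [ $((perm & 022)) -eq 0 ] || {
        echo "mode $mode: writable by group or others" >&2; return 4; }
    [ $((perm & 0111)) -eq $((0111)) ] || {
        echo "mode $mode: not executable by all users" >&2; return 5; }
    return 0
}
```
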
Run an OCI compatible container
Now we will create an OCI container bundle to run our container. First we will create a root directory for our bundle.
mkdir bundle
cd bundle
Create a root file system for the container. We will use the Docker hello-world image as the basis for our container.
mkdir rootfs
docker export $(docker create hello-world) | tar -xf - -C rootfs
Next, create a specification file called config.json that contains our container specification. We will update the default command it runs to /hello.
runsc spec
sed -i 's;"sh";"/hello";' config.json
Finally run the container.
sudo runsc run hello
Next try running gVisor using Docker.