Platforms (KVM)

This document will help you set up your system to use a different gVisor platform.

What is a Platform?

gVisor requires a platform to implement interception of syscalls, basic context switching, and memory mapping functionality. These are described in more depth in the Architecture Guide.

Selecting a Platform

The platform is selected by the --platform command line flag passed to runsc. By default, the ptrace platform is selected. To select a different platform, modify your Docker configuration (/etc/docker/daemon.json) to pass this argument:

{
    "runtimes": {
        "runsc": {
            "path": "/usr/local/bin/runsc",
            "runtimeArgs": [
                "--platform=kvm"
            ]
        }
    }
}

You must restart the Docker daemon after making changes to this file. Typically this is done via systemd:

sudo systemctl restart docker

Example: Using the KVM Platform

The KVM platform is currently experimental; however, it provides several benefits over the default ptrace platform.

Prerequisites

You will also need to have KVM installed on your system. If you are running a Debian-based system like Debian or Ubuntu, you can usually do this by installing the qemu-kvm package.

sudo apt-get install qemu-kvm

If you are using a virtual machine you will need to make sure that nested virtualization is configured. Here are links to documents on how to set up nested virtualization in several popular environments:

Configuring Docker

Per above, you will need to configure Docker to use runsc with the KVM platform. You will remember from the Docker Quick Start that you configured Docker to use runsc as the runtime. Docker allows you to add multiple runtimes to the Docker configuration.

Add a new entry for the KVM platform to your Docker configuration (/etc/docker/daemon.json) in order to provide the --platform=kvm runtime argument.

In the end, the file should look something like:

{
    "runtimes": {
        "runsc": {
            "path": "/usr/local/bin/runsc"
        },
        "runsc-kvm": {
            "path": "/usr/local/bin/runsc",
            "runtimeArgs": [
                "--platform=kvm"
            ]
        }
    }
}

You must restart the Docker daemon after making changes to this file. Typically this is done via systemd:

sudo systemctl restart docker
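
One way to script the configuration change described above so that existing runtimes and other daemon.json settings are kept (an added example, not part of the gVisor documentation). The function names are hypothetical, and the code assumes the platform is given in the --platform=value form shown on this page:

```python
import json
import os
import tempfile

RUNSC_PATH = "/usr/local/bin/runsc"  # runsc location used on this page
KVM_ARG = "--platform=kvm"


def add_kvm_runtime(config, name="runsc-kvm", path=RUNSC_PATH):
    """Return a copy of a daemon.json dict with the KVM runtime merged in.

    Other keys and runtimes are preserved; a conflicting entry is rejected.
    """
    merged = json.loads(json.dumps(config))  # deep copy (JSON types only)
    runtimes = merged.setdefault("runtimes", {})
    entry = runtimes.get(name)
    if entry is not None and entry.get("path") != path:
        raise ValueError(f"runtime {name!r} already points at {entry.get('path')!r}")
    entry = runtimes.setdefault(name, {"path": path})
    # Drop any other --platform=... argument so exactly one platform is selected.
    args = [a for a in entry.get("runtimeArgs", []) if not a.startswith("--platform=")]
    entry["runtimeArgs"] = args + [KVM_ARG]
    return merged


def update_daemon_json(filename="/etc/docker/daemon.json"):
    """Merge the entry into `filename`, replacing the file atomically."""
    try:
        with open(filename) as f:
            config = json.load(f)
    except FileNotFoundError:
        config = {}
    merged = add_kvm_runtime(config)
    # Write a temp file in the same directory, then rename it over the original,
    # so a crash never leaves Docker with a half-written configuration.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(filename) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(merged, f, indent=4)
        f.write("\n")
    os.replace(tmp, filename)
    return merged


if __name__ == "__main__":
    # Constructed sample: a configuration with only the runsc runtime.
    sample = {"runtimes": {"runsc": {"path": RUNSC_PATH}}}
    print(json.dumps(add_kvm_runtime(sample), indent=4))
```

Running add_kvm_runtime on its own output returns the same configuration, so the script can be re-run safely before restarting Docker.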

Running a container

Now run your container using the runsc-kvm runtime. This will run the container using the KVM platform:

docker run --runtime=runsc-kvm --rm hello-world