feat: opt-in gVisor (runsc) runtime for sandboxes#16
Open
tastyeffectco wants to merge 1 commit into
Adds SANDBOXD_RUNTIME=runsc to run every sandbox under gVisor for stronger per-sandbox kernel isolation. Opt-in; the default stays runc.

- docker.RunSpec.Runtime -> --runtime
- when runsc is on, write a resolv.conf (SANDBOXD_DNS, default 1.1.1.1,8.8.8.8) and bind-mount it into each sandbox, because gVisor's netstack can't reach Docker's embedded DNS (127.0.0.11) on a user-defined network
- docs/gvisor.md: setup (requires runsc registered with --host-uds=create so the runtimed control socket is reachable from the host), DNS handling, measured trade-offs

Verified end-to-end on ARM64: create -> runtime=runsc -> 4.19.0-gvisor -> DNS resolves -> internet reachable.

Closes #3.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Perf note (gVisor vs runc, measured on this ARM64 host, no KVM)

Platform ops (median, n=3):

The gVisor cost is the sentry/gofer startup added to each Runtime workload (from Net: a fraction of a second on spin-up and ~1.5–2× on install/build-heavy work — acceptable for an opt-in stronger-isolation tier, and far from the "10× unusable" worst case sometimes cited for gVisor.
Closes #3.

What

Opt-in gVisor runtime: set `SANDBOXD_RUNTIME=runsc` and every sandbox runs under gVisor for stronger per-sandbox kernel isolation. Default is unchanged (runc).

Changes

- `docker.RunSpec.Runtime` → `--runtime` on the sandbox `docker run`.
- When `runsc` is enabled, sandboxd writes a `resolv.conf` (from `SANDBOXD_DNS`, default `1.1.1.1,8.8.8.8`) and bind-mounts it into each sandbox at `/etc/resolv.conf`. gVisor's netstack can't reach Docker's embedded DNS (127.0.0.11) on a user-defined network, so without this the agent/DNS wouldn't resolve.
- `.env.example` + `docker-compose.yml` knobs; `docs/gvisor.md`.

Operator requirement (documented)

`runsc` must be registered with `runtimeArgs: ["--host-uds=create"]` — sandboxd reaches `runtimed` over a Unix socket on the workspace bind-mount, and gVisor's gofer only exposes a sandbox-created socket to the host with that flag. Without it, tasks/exec/status fail. Full setup in `docs/gvisor.md`.

Verified end-to-end (ARM64, no KVM → software platform)

Build + full test suite + gofmt CI all green.

Trade-offs (measured)

Near-parity for serving / HTTP / in-sandbox HMR / CPU / bulk I/O; `pnpm install` ~1.7×; syscall-heavy microbenchmarks ~4×. Host-side file edits don't trigger HMR under gVisor's gofer (in-sandbox edits do). See `docs/gvisor.md`.

Opt-in and experimental; zero impact when `SANDBOXD_RUNTIME` is unset.
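The two mechanisms the description relies on, the resolv.conf that is generated and bind-mounted only when the runtime is runsc, and the daemon-side registration of runsc with `--host-uds=create`, are sketched below as an added Go example. It is not sandboxd's code: the `RunSpec` fields, `ParseDNS`, `RenderResolvConf`, `DockerRunArgs` and `DaemonRuntimeConfig` are hypothetical names chosen for illustration; the Docker `daemon.json` `runtimes` / `path` / `runtimeArgs` layout is Docker's real configuration format. The example validates the `SANDBOXD_DNS` value before writing it, and leaves runc sandboxes untouched, which is the "zero impact when unset" property the PR claims.

```go
package main

// Hypothetical sketch of the PR's mechanism; not sandboxd's own implementation.

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
)

// RunSpec mirrors the shape the PR describes (docker.RunSpec.Runtime -> --runtime).
type RunSpec struct {
	Image     string
	Runtime   string // "" keeps Docker's default (runc); "runsc" selects gVisor
	Network   string // user-defined Docker network the sandbox joins
	ResolvDir string // host directory where the generated resolv.conf is written
}

// ParseDNS turns a SANDBOXD_DNS value such as "1.1.1.1,8.8.8.8" into validated IPs.
// An empty value falls back to the PR's documented default.
func ParseDNS(raw string) ([]string, error) {
	if strings.TrimSpace(raw) == "" {
		raw = "1.1.1.1,8.8.8.8"
	}
	var out []string
	for _, f := range strings.Split(raw, ",") {
		f = strings.TrimSpace(f)
		if f == "" {
			continue
		}
		if net.ParseIP(f) == nil {
			return nil, fmt.Errorf("SANDBOXD_DNS: %q is not an IP address", f)
		}
		out = append(out, f)
	}
	if len(out) == 0 {
		return nil, errors.New("SANDBOXD_DNS: no resolvers given")
	}
	return out, nil
}

// RenderResolvConf renders the file that stands in for Docker's 127.0.0.11 stub,
// which gVisor's netstack cannot reach on a user-defined network.
func RenderResolvConf(servers []string) string {
	var b strings.Builder
	b.WriteString("# generated by sandboxd for gVisor (netstack cannot reach 127.0.0.11)\n")
	for _, s := range servers {
		fmt.Fprintf(&b, "nameserver %s\n", s)
	}
	return b.String()
}

// DockerRunArgs builds the `docker run` argument list. Only for the runsc runtime
// does it write resolv.conf on the host and bind-mount it read-only into the sandbox.
func DockerRunArgs(spec RunSpec, dnsEnv string) ([]string, error) {
	args := []string{"run", "-d", "--network", spec.Network}
	if spec.Runtime != "" {
		args = append(args, "--runtime", spec.Runtime)
	}
	if spec.Runtime == "runsc" {
		servers, err := ParseDNS(dnsEnv)
		if err != nil {
			return nil, err
		}
		if err := os.MkdirAll(spec.ResolvDir, 0o755); err != nil {
			return nil, err
		}
		p := filepath.Join(spec.ResolvDir, "resolv.conf")
		if err := os.WriteFile(p, []byte(RenderResolvConf(servers)), 0o644); err != nil {
			return nil, err
		}
		args = append(args, "-v", p+":/etc/resolv.conf:ro")
	}
	return append(args, spec.Image), nil
}

// DaemonRuntimeConfig renders the /etc/docker/daemon.json fragment that registers
// runsc with --host-uds=create, the operator requirement the PR documents.
func DaemonRuntimeConfig(runscPath string) (string, error) {
	cfg := map[string]interface{}{
		"runtimes": map[string]interface{}{
			"runsc": map[string]interface{}{
				"path":        runscPath,
				"runtimeArgs": []string{"--host-uds=create"},
			},
		},
	}
	b, err := json.MarshalIndent(cfg, "", "  ")
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	dir, _ := os.MkdirTemp("", "sandboxd-resolv")
	defer os.RemoveAll(dir)
	spec := RunSpec{Image: "sandbox:latest", Runtime: os.Getenv("SANDBOXD_RUNTIME"), Network: "sandboxes", ResolvDir: dir}
	args, err := DockerRunArgs(spec, os.Getenv("SANDBOXD_DNS"))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("docker", strings.Join(args, " "))
	cfg, _ := DaemonRuntimeConfig("/usr/local/bin/runsc")
	fmt.Println(cfg)
}
```

Running it with `SANDBOXD_RUNTIME=runsc` prints a `docker run` line carrying `--runtime runsc` and the `-v .../resolv.conf:/etc/resolv.conf:ro` mount; with the variable unset the mount and the flag are both absent. The read-only mount keeps a process inside the sandbox from rewriting its resolvers, and the IP validation prevents a malformed `SANDBOXD_DNS` from producing a resolv.conf that silently breaks name resolution.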