application should have a way to tell if it's running in gVisor #54
Comments
All of the above?
I think that's not a good idea. An application shouldn't know / care that it's running in a VM or with gVisor or if it's sandboxed at all. If it did, that would mean that it could behave nicely since it knows it's being watched. And then when potentially it's not running under gVisor because it was deemed safe, it could start running amok.
@Skarlso there are a lot of use cases where we need to know the execution environment. For example, a Java application needs to know that it's inside the cgroup control to enable a JVM-specific feature and help boost the application performance a lot. In Docker, it also provides a way for applications to detect that we're inside containers.
@chanwit Yes. And that isn't necessarily a good thing, you know. :) I guess that makes sense. It would just be nice if the application would be environment agnostic, you know. Like, it shouldn't care where it's running; it should be optimal by default. However, yeah. Like in C you have to optimize the compiler based on the environment as well, especially for embedded systems. So environment does matter. Ignore me. :)
Another alternative is to set CPUID Vendor ID like other VMs do. |
For humans probing, I find the syslog syscall is pretty definitive. https://github.com/google/gvisor/blob/master/pkg/sentry/kernel/syslog.go Kind of annoying to automate though, as the caller. |
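The syslog probe from the comment above, automated as an added example (not code from this thread or from the gVisor project), useful for a workload that wants to confirm at startup that it really is sandboxed. It assumes the emulated kernel log opens with a `Starting gVisor...` line and that the libc exposes `klogctl`; the function names and the sample logs are constructed for illustration.

```python
import ctypes
import ctypes.util
import re

# Assumption: gVisor's emulated kernel log opens with this banner line (see
# the syslog.go linked above). Anchored so a later log line that merely
# quotes the phrase does not count as a match.
GVISOR_BANNER = re.compile(r"^(?:<\d+>)?\[\s*\d+\.\d+\]\s+Starting gVisor\.\.\.\s*$")

SYSLOG_ACTION_READ_ALL = 3      # read the whole ring buffer, non-destructively
SYSLOG_ACTION_SIZE_BUFFER = 10  # ask for the ring buffer size

# Constructed sample dumps, in the raw "<level>[timestamp] text" form.
SAMPLE_GVISOR = "<6>[    0.000000] Starting gVisor...\n<6>[    0.412000] Ready!\n"
SAMPLE_LINUX = ("<5>[    0.000000] Linux version 5.15.0 (constructed sample)\n"
                "<6>[   12.300000] audit: msg='Starting gVisor...'\n")


def log_looks_like_gvisor(log_text):
    """Return True if any line of a kernel log dump is the gVisor banner."""
    return any(GVISOR_BANNER.match(line) for line in log_text.splitlines())


def read_kernel_log():
    """Read the kernel log through syslog(2) via libc's klogctl().

    Returns None when the call is refused, for example EPERM on a Linux
    kernel with kernel.dmesg_restrict=1 and an unprivileged caller.
    """
    libc = ctypes.CDLL(ctypes.util.find_library("c") or None, use_errno=True)
    size = libc.klogctl(SYSLOG_ACTION_SIZE_BUFFER, None, 0)
    if size <= 0:
        return None
    buf = ctypes.create_string_buffer(size)
    n = libc.klogctl(SYSLOG_ACTION_READ_ALL, buf, size)
    if n < 0:
        return None
    return buf.raw[:n].decode("utf-8", errors="replace")


def running_in_gvisor():
    """True or False when the log was readable, None when it was not."""
    text = read_kernel_log()
    return None if text is None else log_looks_like_gvisor(text)


if __name__ == "__main__":
    print("gVisor detected:", running_in_gvisor())
```

A `None` result means the probe was inconclusive, so a caller that requires the sandbox should treat it the same as `False`.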
* Updated configuration docs to be more consistent
* Add links to configuration docs
* Add links to top README
* Fix markdown formatting
Some options:
/proc/gvisor file
uname
/proc/version