application should have a way to tell if it's running in gVisor #54

Closed
nlacasse opened this issue May 16, 2018 · 6 comments

@nlacasse
Collaborator

Some options:

  • Add a /proc/gvisor file
  • Put something in uname
  • Put something in /proc/version

@dbcode
Contributor

dbcode commented May 16, 2018

All of the above?

@Skarlso

Skarlso commented May 17, 2018

I think that's not a good idea. An application shouldn't know / care that it's running in a VM or with gVisor or if it's sandboxed at all. If it did, that would mean that it could behave nicely since it knows it's being watched. And then, when it's potentially not running under gVisor because it was deemed safe, it could start running amok.

@chanwit
Contributor

chanwit commented May 17, 2018

@Skarlso there are a lot of use cases where we need to know the execution environment. For example, a Java application needs to know that it's inside the cgroup control to enable a JVM-specific feature and help boost the application performance a lot.

In Docker, it also provides a way for applications to detect that we're inside containers.

@Skarlso

Skarlso commented May 17, 2018

@chanwit Yes. And that isn't necessarily a good thing, you know. :)

I guess that makes sense. It would just be nice if the application would be environment agnostic, you know. Like, it shouldn't care where it's running; it should be optimal by default.

However, yeah. Like in C, you have to optimize the compiler based on the environment as well, especially for embedded systems. So environment does matter.

Ignore me. :)

@fvoznika
Member

Another alternative is to set CPUID Vendor ID like other VMs do.

@hugelgupf
Collaborator

For humans probing, I find the syslog syscall is pretty definitive. https://github.com/google/gvisor/blob/master/pkg/sentry/kernel/syslog.go

Kind of annoying to automate though, as the caller.
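
The syslog probe from the comment above, automated with klogctl(2), as an added example that is not part of the thread or of the gVisor project. The marker string `gVisor`, the sample log lines and the function names are assumptions made here, not values given in this issue.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/klog.h>

#define SYSLOG_ACTION_READ_ALL    3   /* non-destructive read of the log */
#define SYSLOG_ACTION_SIZE_BUFFER 10  /* size of the kernel log buffer */

/* Assumption: the sandbox kernel names itself in its log. */
static const char GVISOR_MARKER[] = "gVisor";

/* Constructed sample logs, used for offline checks only. */
static const char SAMPLE_SANDBOX_LOG[] = "<6>[    0.000000] Starting gVisor...\n";
static const char SAMPLE_HOST_LOG[] = "<6>[    0.000000] Linux version (constructed)\n";

/* Return 1 if marker occurs in log[0..len); log need not be NUL-terminated. */
int log_mentions(const char *log, size_t len, const char *marker)
{
    size_t mlen = strlen(marker);
    if (mlen == 0 || len < mlen)
        return 0;
    for (size_t i = 0; i + mlen <= len; i++)
        if (memcmp(log + i, marker, mlen) == 0)
            return 1;
    return 0;
}

/* 1: marker found, 0: not found, -1: log unreadable (for example EPERM
 * when kernel.dmesg_restrict=1 on a host kernel). Treat 1 as a hint: a
 * host log can mention the string for unrelated reasons. */
int running_in_gvisor(void)
{
    int size = klogctl(SYSLOG_ACTION_SIZE_BUFFER, NULL, 0);
    if (size <= 0)
        return -1;
    char *buf = malloc((size_t)size);
    if (buf == NULL)
        return -1;
    int n = klogctl(SYSLOG_ACTION_READ_ALL, buf, size);
    int found = (n < 0) ? -1 : log_mentions(buf, (size_t)n, GVISOR_MARKER);
    free(buf);
    return found;
}

int main(void)
{
    printf("sample sandbox log: %d\n", log_mentions(SAMPLE_SANDBOX_LOG, strlen(SAMPLE_SANDBOX_LOG), GVISOR_MARKER));
    printf("sample host log: %d\n", log_mentions(SAMPLE_HOST_LOG, strlen(SAMPLE_HOST_LOG), GVISOR_MARKER));
    printf("this kernel: %d\n", running_in_gvisor());
    return 0;
}
```

The three-way return value keeps "log unreadable" separate from "marker absent", so a caller does not mistake a permission error for proof that it is outside the sandbox.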

tonistiigi pushed a commit to tonistiigi/gvisor that referenced this issue Jan 30, 2019
This allows applications to verify they are running with gVisor. It
also helps debugging when running with a mix of container runtimes.

Closes google#54

PiperOrigin-RevId: 212059457
Change-Id: I51d9595ee742b58c1f83f3902ab2e2ecbd5cedec
Upstream-commit: 172860a
amscanne pushed a commit to amscanne/gvisor that referenced this issue May 6, 2020
* Updated configuration docs to be more consistent

* Add links to configuration docs

* Add links to top README

* Fix markdown formatting