[TOC]
gVisor implements a large portion of the Linux surface and while we strive to make it broadly compatible, there are (and always will be) unimplemented features and bugs. The only real way to know if it will work is to try. If you find a container that doesn’t work and there is no known issue, please file a bug indicating the full command you used to run the image. You can view open issues related to compatibility here.
If you're able to provide the debug logs, the problem likely to be fixed much faster.
The following applications/images have been tested:
- elasticsearch
- golang
- httpd
- java8
- jenkins
- mariadb
- memcached
- mongo
- mysql
- nginx
- node
- php
- postgres
- prometheus
- python
- redis
- registry
- tomcat
- wordpress
Most common utilities work. Note that:
-
Some tools, such as
tcpdumpand old versions ofping, require explicitly enabling raw sockets via the unsafe--net-rawrunsc flag.- In case of tcpdump the following invocations will work
- tcpdump -i any
- tcpdump -i <device-name> -p (-p disables promiscuous mode)
- In case of tcpdump the following invocations will work
-
Different Docker images can behave differently. For example, Alpine Linux and Ubuntu have different
ipbinaries.Specific tools include:
| Tool | Status |
|---|---|
| apt-get | Working. |
| bundle | Working. |
| cat | Working. |
| curl | Working. |
| dd | Working. |
| df | Working. |
| dig | Working. |
| drill | Working. |
| env | Working. |
| find | Working. |
| gcore | Working. |
| gdb | Working. |
| gosu | Working. |
| grep | Working (unless stdin is a pipe and stdout is /dev/null). |
| ifconfig | Works partially, like ip. Full support in progress. |
| ip | Some subcommands work (e.g. addr, route). Full support in progress. |
| less | Working. |
| ls | Working. |
| lsof | Working. |
| mount | Works in readonly mode. gVisor doesn't currently support creating new mounts at runtime. |
| nc | Working. |
| nmap | Not working. |
| netstat | In progress. |
| nslookup | Working. |
| ping | Working. |
| ps | Working. |
| route | Working. |
| ss | In progress. |
| sshd | Partially working. Job control in progress. |
| strace | Working. |
| tar | Working. |
| tcpdump | Working only with libpcap versions < 1.10, Promiscuous mode in progress. |
| top | Working. |
| uptime | Working. |
| vim | Working. |
| wget | Working. |