gVisor [CellBackend] — uses runsc, the gVisor OCI runtime, to isolate
a cell without /dev/kvm.
L2-06-5 status: skeleton.
This backend is targeted at environments where a hardware-virt backend
(Firecracker) is unavailable — primarily GKE pods (KVM is gated behind the
kvm feature flag, and nested virt is paid) and a subset of CI runners
(e.g. GitHub ubuntu-latest without /dev/kvm exposed). gVisor’s
user-mode kernel (runsc) intercepts the workload’s syscalls and provides
a defence-in-depth boundary that Linux namespaces alone do not.
§Scope of the skeleton
The OCI bundle generator and the command-line plumbing for runsc run /
runsc kill / runsc delete are stubs that:
- translate an [ExecutionCellDocument] into the on-disk pieces runsc expects (bundle directory containing config.json and a rootfs/),
- shell out to runsc with the documented argument shape,
- wait for the container process to exit and surface its exit code.
The skeleton is unit-tested for the bundle generator (pure function,
no runsc required) and is gated behind #[cfg(target_os = "linux")]
because:
- runsc is Linux-only (it relies on ptrace/KVM/systrap switches that exist nowhere else),
- the OCI runtime spec referenced in config.json uses Linux namespaces directly, so a portable stub would lie about what the backend does.
On non-Linux hosts the crate compiles to an empty surface so downstream
workspace crates can still use cellos_host_gvisor::*; in
cfg(target_os = "linux") blocks without breaking macOS/dev builds.
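
The first two steps listed under Scope of the skeleton, as an added example that is not the crate's own code: a pure config.json generator that rejects an empty argv or NUL bytes and JSON-escapes every string so cell-supplied values cannot alter the runtime config, plus the runsc argument vectors. CellSpec, oci_config_json and runsc_argv are hypothetical names, and the uid/gid, namespace list and ociVersion are constructed values.

```rust
// Added illustration: CellSpec, oci_config_json and runsc_argv are hypothetical
// names, not items exported by cellos_host_gvisor.

/// Constructed stand-in for the fields a bundle generator reads from the cell document.
pub struct CellSpec { pub argv: Vec<String>, pub env: Vec<String> }

/// JSON string literal with quotes, backslashes and control characters escaped (std only).
fn json_str(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out + "\""
}

fn json_array(items: &[String]) -> String {
    format!("[{}]", items.iter().map(|s| json_str(s)).collect::<Vec<_>>().join(","))
}

/// Step 1, pure function: spec -> contents of <bundle>/config.json (rootfs/ sits beside it).
pub fn oci_config_json(spec: &CellSpec) -> Result<String, String> {
    if spec.argv.is_empty() { return Err("argv must not be empty".into()); }
    if spec.argv.iter().chain(&spec.env).any(|s| s.contains('\0')) {
        return Err("NUL byte in argv/env".into());
    }
    let ns = ["pid", "network", "ipc", "uts", "mount"]
        .map(|t| format!("{{\"type\":\"{}\"}}", t)).join(",");
    Ok(format!("{{\"ociVersion\":\"1.0.2\",\"process\":{{\"terminal\":false,\
        \"user\":{{\"uid\":1000,\"gid\":1000}},\"cwd\":\"/\",\"args\":{},\"env\":{},\
        \"noNewPrivileges\":true}},\"root\":{{\"path\":\"rootfs\",\"readonly\":true}},\
        \"linux\":{{\"namespaces\":[{}]}}}}",
        json_array(&spec.argv), json_array(&spec.env), ns))
}

/// Step 2: argument vectors for runsc run / kill / delete.
pub fn runsc_argv(op: &str, bundle: &str, id: &str) -> Option<Vec<String>> {
    let v = match op {
        "run" => vec!["runsc", "run", "--bundle", bundle, id],
        "kill" => vec!["runsc", "kill", id],
        "delete" => vec!["runsc", "delete", "--force", id],
        _ => return None,
    };
    Some(v.into_iter().map(String::from).collect())
}
```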
Structs§
- BundleConfig - Minimal OCI bundle config — what we hand to runsc via config.json.
- GVisorCellBackend - gVisor-backed CellBackend.
Enums§
- BundleConfigError - Generator error. Kept simple and self-describing; surfaced verbatim in the supervisor’s CellosError::Backend wrapping at the call site (backend::GVisorCellBackend::create).
Functions§
- generate_bundle_config - Translate an ExecutionCellDocument into a BundleConfig.