Struct GVisorRuntime 

pub struct GVisorRuntime { /* private fields */ }

GVisor runtime manager

Implements the gVisor state machine from NucleusSecurity_GVisor_GVisorRuntime.tla

Implementations

impl GVisorRuntime

pub fn new() -> Result<Self>

Create a new GVisor runtime manager

This checks for runsc binary availability

pub fn with_path(runsc_path: String) -> Self

Create a GVisor runtime with a pre-resolved runsc path.

Use this when the path was resolved before privilege changes (e.g. before entering a user namespace where UID 0 would block PATH-based lookup).

pub fn resolve_path() -> Result<String>

Resolve the runsc path without constructing a full runtime. Call this before fork/unshare so the path is resolved while still unprivileged.

pub fn exec_with_oci_bundle( &self, container_id: &str, bundle: &OciBundle, ) -> Result<()>

Execute using gVisor with an OCI bundle

This is the OCI-compliant way to run containers with gVisor. The network_mode parameter controls gVisor’s –network flag:

• GVisorNetworkMode::None → --network none (fully isolated, original behavior)
• GVisorNetworkMode::Sandbox → --network sandbox (gVisor user-space network stack)
• GVisorNetworkMode::Host → --network host (share host network namespace)

pub fn exec_with_oci_bundle_network( &self, container_id: &str, bundle: &OciBundle, network_mode: GVisorNetworkMode, rootless: bool, platform: GVisorPlatform, ) -> Result<()>

Execute using gVisor with an OCI bundle and explicit network mode.

When rootless is true, the OCI spec is expected to carry explicit user namespace mappings. In that mode we do not pass runsc’s CLI --rootless flag, because gVisor documents that flag as the runsc do-oriented path rather than the OCI run path. We still skip runsc’s internal cgroup configuration because Nucleus already manages cgroups externally and unprivileged callers cannot configure them directly.

pub fn is_available() -> bool

Check if gVisor is available on this system

pub fn version(&self) -> Result<String>

Get runsc version