Skip to main content

GVisorRuntime

nucleus::security

Struct GVisorRuntime

pub struct GVisorRuntime { /* private fields */ }

Expand description

GVisor runtime manager

Implements the gVisor state machine from NucleusSecurity_GVisor_GVisorRuntime.tla

Implementations§

impl GVisorRuntime

pub fn new() -> Result<Self>

Create a new GVisor runtime manager

This checks for runsc binary availability

pub fn with_path(runsc_path: String) -> Self

Create a GVisor runtime with a pre-resolved runsc path.

Use this when the path was resolved before privilege changes (e.g. before entering a user namespace where UID 0 would block PATH-based lookup).

pub fn resolve_path() -> Result<String>

Resolve the runsc path without constructing a full runtime. Call this before fork/unshare so the path is resolved while still unprivileged.

pub fn exec_with_oci_bundle( &self, container_id: &str, bundle: &OciBundle, ) -> Result<()>

Execute using gVisor with an OCI bundle

This is the OCI-compliant way to run containers with gVisor using default options: no networking, systrap platform, no rootless flag, and no internal cgroup setup override.

pub fn exec_with_oci_bundle_options( &self, container_id: &str, bundle: &OciBundle, options: GVisorOciRunOptions, ) -> Result<()>

Execute using gVisor with an OCI bundle and explicit run options.

ignore_cgroups skips runsc’s internal cgroup configuration because Nucleus already manages cgroups externally and unprivileged callers cannot configure them directly. runsc_rootless selects gVisor’s built-in rootless execution path for cases where Nucleus already entered a mapped user namespace and therefore cannot express the namespace setup as an OCI linux.uidMappings request. require_supervisor_exec_policy fail-closes if Nucleus cannot install the host-side execute allowlist before handing control to runsc.

pub fn exec_with_oci_bundle_network( &self, container_id: &str, bundle: &OciBundle, network_mode: GVisorNetworkMode, ignore_cgroups: bool, runsc_rootless: bool, require_supervisor_exec_policy: bool, platform: GVisorPlatform, ) -> Result<()>

Execute using gVisor with an OCI bundle and explicit network mode.

Prefer Self::exec_with_oci_bundle_options for new call sites.

pub fn is_available() -> bool

Check if gVisor is available on this system

pub fn version(&self) -> Result<String>

Get runsc version

Auto Trait Implementations§

impl Freeze for GVisorRuntime

impl RefUnwindSafe for GVisorRuntime

impl Send for GVisorRuntime

impl Sync for GVisorRuntime

impl Unpin for GVisorRuntime

impl UnsafeUnpin for GVisorRuntime

impl UnwindSafe for GVisorRuntime

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more