gVisor

gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel.

Compile runsc

There may be problems compiling runsc following gVisor README instructions if you are behind a proxy. Here is how to compile it in China.

# make git and bazel work with your proxy 

sudo git config --system http.proxy  http://proxy.example.com
sudo git config --system https.proxy  http://proxy.example.com
export http_proxy=http://proxy.example.com
export https_proxy=http://proxy.example.com

diff --git a/WORKSPACE b/WORKSPACE
index 5ce2245..f8bdaab 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -57,12 +57,16 @@ go_repository(
     name = "org_golang_x_net",
     importpath = "golang.org/x/net",
     commit = "b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e",
+    vcs = "git",
+    remote = "https://github.com/golang/net.git",
 )
 
 go_repository(
     name = "org_golang_x_sys",
     importpath = "golang.org/x/sys",
     commit = "0dd5e194bbf5eb84a39666eb4c98a4d007e4203a",
+    vcs = "git",
+    remote = "https://github.com/golang/sys.git",
 )
 
 go_repository(

bazel build runsc

gvisor

google's new container - gvisor

gVisor

Compile runsc