-
### Description
The maximum stack size (set with `ulimit -s`) currently appears to be [limited to 128 MB](https://github.com/google/gvisor/blob/01142fe5992a57fce4ac748598337f4a27d1313b/pkg/sentry/m…
-
**Describe the bug**
I believe this is a bug. We created new node pools and did not have enough CPU quota, so we just increased the quota and were waiting for config connector to retry. It did retry and t…
-
Most of the time, developers install and run packages as non-root users. Currently, commands inside the analysis container run as root, which is easy to set up but not as realistic. It would be ideal t…
-
The tests in `test` can only be built on x86_64, as `test/fcos.go` uses a `getFCOSDownload` method which is only defined in `test/fcos_amd64.go`.
This means `go test ./test` will only be buildable on …
-
If a malicious image is specified in `FROM` accidentally (e.g. due to a typo), the attacker can easily steal GCP credentials via `/secret`.
To prevent such attacks, how about isolating `RUN` instruc…
-
**Describe the solution you'd like**
The idea is to implement libslirp or an equivalent networking model for macvz.
With this implementation, we should be able to resolve issues around VPN connection an…
-
I am trying to use gVisor as a runtime along with the gvisor-containerd-shim in Kubernetes. The Kubernetes pods are able to talk to each other using their internal IPs but it seems that the created IP…
-
**Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)**
/kind bug
**Description**
Podman machine on macOS does not forward IPv6 TCP traffic.
Regardless of limitat…
-
Hello! Was looking for something like this project.
Installed as per docs, annotated namespace with
```
kubectl label namespace ingress-nginx runtimeclassname-default=gvisor-hostnetwork
```
I…
-
### Description
I am running gVisor in promiscuous, and when the ICMP echo request from the downstream gets to the gVisor stack, gVisor handles the ICMP echo response by itself even if there is a `Tr…