github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/g3doc/user_guide/platforms.md

github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/g3doc/user_guide/platforms.md (about)

     1  # Changing Platforms
     2  
     3  [TOC]
     4  
     5  This guide described how to change the
     6  [platform](../architecture_guide/platforms.md) used by `runsc`.
     7  
     8  ## Prerequisites
     9  
    10  If you intend to run the KVM platform, you will also to have KVM installed on
    11  your system. If you are running a Debian based system like Debian or Ubuntu you
    12  can usually do this by ensuring the module is loaded, and permissions are
    13  appropriately set on the `/dev/kvm` device.
    14  
    15  If you have an Intel CPU:
    16  
    17  ```bash
    18  sudo modprobe kvm-intel && sudo chmod a+rw /dev/kvm
    19  ```
    20  
    21  If you have an AMD CPU:
    22  
    23  ```bash
    24  sudo modprobe kvm-amd && sudo chmod a+rw /dev/kvm
    25  ```
    26  
    27  If you are using a virtual machine you will need to make sure that nested
    28  virtualization is configured. Here are links to documents on how to set up
    29  nested virtualization in several popular environments:
    30  
    31  *   Google Cloud: [Enabling Nested Virtualization for VM Instances][nested-gcp]
    32  *   Microsoft Azure:
    33      [How to enable nested virtualization in an Azure VM][nested-azure]
    34  *   VirtualBox: [Nested Virtualization][nested-virtualbox]
    35  *   KVM: [Nested Guests][nested-kvm]
    36  
    37  ***Note: nested virtualization will have poor performance and is historically a
    38  cause of security issues (e.g.
    39  [CVE-2018-12904](https://nvd.nist.gov/vuln/detail/CVE-2018-12904)). It is not
    40  recommended for production.***
    41  
    42  ## Configuring Docker
    43  
    44  The platform is selected by the `--platform` command line flag passed to
    45  `runsc`. By default, the ptrace platform is selected. For example, to select the
    46  KVM platform, modify your Docker configuration (`/etc/docker/daemon.json`) to
    47  pass the `--platform` argument:
    48  
    49  ```json
    50  {
    51      "runtimes": {
    52          "runsc": {
    53              "path": "/usr/local/bin/runsc",
    54              "runtimeArgs": [
    55                  "--platform=kvm"
    56              ]
    57         }
    58      }
    59  }
    60  ```
    61  
    62  You must restart the Docker daemon after making changes to this file, typically
    63  this is done via `systemd`:
    64  
    65  ```bash
    66  sudo systemctl restart docker
    67  ```
    68  
    69  Note that you may configure multiple runtimes using different platforms. For
    70  example, the following configuration has one configuration for ptrace and one
    71  for the KVM platform:
    72  
    73  ```json
    74  {
    75      "runtimes": {
    76          "runsc-ptrace": {
    77              "path": "/usr/local/bin/runsc",
    78              "runtimeArgs": [
    79                  "--platform=ptrace"
    80              ]
    81          },
    82          "runsc-kvm": {
    83              "path": "/usr/local/bin/runsc",
    84              "runtimeArgs": [
    85                  "--platform=kvm"
    86              ]
    87          }
    88      }
    89  }
    90  ```
    91  
    92  [nested-azure]: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nested-virtualization
    93  [nested-gcp]: https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances
    94  [nested-virtualbox]: https://www.virtualbox.org/manual/UserManual.html#nested-virt
    95  [nested-kvm]: https://www.linux-kvm.org/page/Nested_Guests