
@majek
Last active December 16, 2019 12:18
gvisor performance with slirp4netns
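#!/bin/bash
#
# Benchmark harness: creates a gVisor (runsc) sandbox named "hello" from an
# Ubuntu bionic rootfs, wires its network namespace to the host through a tap
# device driven by slirp4netns, and downloads file.bin from a host-side HTTP
# server with curl.
#
# Dependencies:
#   apt install jq
#   docker, python (Python 2, for SimpleHTTPServer), nsenter, iproute2,
#   plus ./runsc and ./slirp4netns in the current directory.
#
# Environment:
#   USE_HOST_NETWORK=1  run runsc with --network=host and a 1G test file
#                       (default: runsc's default network stack, 16M file)
#   GVFLAGS             extra runsc flags, whitespace separated (default mode)
#
# NOTE(review): appears to need root (nsenter into another network namespace,
# ip tuntap, raising the open-file limit) — confirm before running.
set -e
# Without pipefail a failed `docker export` or `runsc state` would be masked
# by the exit status of the command it is piped into.
set -o pipefail

RUNSC="./runsc"
SLIRP="./slirp4netns"

# runsc flags are kept in an array so that "no flags" expands to zero words.
if [ "${USE_HOST_NETWORK:-0}" = "1" ]; then
  gvflags=(--network=host)
  FILESZ=1G
else
  read -r -a gvflags <<<"${GVFLAGS:-}"
  FILESZ=16M
fi

HTTPPID=
SLIRPPID=
SANDBOX_CREATED=

# Teardown for every exit path. Under `set -e` any failing step aborts the
# script; without this trap the HTTP listener, slirp4netns and the sandbox
# would stay behind.
cleanup() {
  if [ -n "${SANDBOX_CREATED}" ]; then
    "${RUNSC}" kill -all hello || true
    "${RUNSC}" delete -force hello || true
  fi
  if [ -n "${SLIRPPID}" ]; then
    kill "${SLIRPPID}" || true
  fi
  if [ -n "${HTTPPID}" ]; then
    kill "${HTTPPID}" || true
  fi
}
trap cleanup EXIT

# Run a command inside the sandbox's network namespace.
in_netns() {
  nsenter -n -t "${NSPID}" "$@"
}

if [ ! -f config.json ]; then
  "${RUNSC}" spec
  # These edits loosen the generated OCI spec so apt-get can run inside the
  # sandbox: extra capabilities and a writable root filesystem. This is a
  # benchmark convenience, not a baseline to copy into a hardened deployment.
  EXTRA_CAPS='"CAP_SETGID", "CAP_SETUID", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_SETFCAP", "CAP_SETPCAP"'
  sed -i "s#\(\"CAP_NET_BIND_SERVICE\"\)#\1, ${EXTRA_CAPS}#" config.json
  sed -i 's#readonly": true#readonly": false#' config.json
  sed -i 's#\("TERM=xterm"\)#\1,\n"DEBIAN_FRONTEND=noninteractive"#' config.json
fi

if [ ! -d rootfs ]; then
  mkdir rootfs
  # ubuntu:bionic is a mutable tag; pin the image by digest if the rootfs
  # contents must be reproducible. If this step fails, remove rootfs/ before
  # re-running, because its existence skips the export.
  cid=$(docker create ubuntu:bionic)
  docker export "${cid}" | tar -xf - -C rootfs
  # The container was only needed as an export source.
  docker rm "${cid}" >/dev/null
  echo "nameserver 10.0.2.3" > rootfs/etc/resolv.conf
fi

echo "[*] Cleanup"
# Leftovers from an earlier run. Both pkill calls match by name or command
# line, so they also stop unrelated matching processes on this host.
pkill -f 'python -m SimpleHTTPServer' || true
pkill 'slirp4netns' || true
"${RUNSC}" kill hello || true
"${RUNSC}" delete hello || true
rm -f file.bin

echo "[*] Create gvisor"
# gofer requires many files
ulimit -n 1048576
SANDBOX_CREATED=1
"${RUNSC}" "${gvflags[@]}" create hello

NSPID=$("${RUNSC}" state hello | jq .pid)
# The value is handed to nsenter and slirp4netns as a PID; refuse anything
# that is not a plain number (jq prints "null" when the field is missing).
case "${NSPID}" in
  '' | *[!0-9]*)
    echo "unexpected pid from runsc state: ${NSPID}" >&2
    exit 1
    ;;
esac

in_netns ip link set lo up
in_netns ip tuntap add mode tap name eth0
in_netns ip link set dev eth0 up
in_netns ip addr add 10.0.2.100/24 dev eth0
# Static neighbour entry for the gateway.
# NOTE(review): presumably so the sandbox need not resolve 10.0.2.2 — confirm.
in_netns ip neigh add 10.0.2.2 lladdr 70:71:aa:4b:29:aa dev eth0
in_netns ip route add 0.0.0.0/0 via 10.0.2.2 dev eth0

fallocate -l "${FILESZ}" file.bin

# SimpleHTTPServer listens on all interfaces and serves the whole working
# directory (config.json, rootfs/, file.bin) without authentication for as
# long as the benchmark runs. Run this on an isolated host or firewall port
# 8080. NOTE(review): the sandbox reaches the server via 10.0.2.2; a
# loopback-only listener is presumably sufficient — confirm against the
# slirp4netns host-loopback behaviour before switching.
python -m SimpleHTTPServer 8080 &
HTTPPID=$!

"${SLIRP}" "${NSPID}" -m 65521 eth0 &
SLIRPPID=$!

echo "[*] Start gvisor"
"${RUNSC}" "${gvflags[@]}" start hello

if [ ! -f rootfs/usr/bin/curl ]; then
  "${RUNSC}" exec hello apt-get -q update
  "${RUNSC}" exec hello apt-get -qy install apt-utils ca-certificates curl
fi

echo "[*] running curl"
# A failed transfer is tolerated; teardown happens in the EXIT trap.
"${RUNSC}" exec hello curl 10.0.2.2:8080/file.bin -o /dev/null || true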