Docs: mark gVisor and Kata isolation items done in TODO.md
Both are implemented as isolation: container-enhanced (gVisor) and
isolation: vm / vm-enhanced (Kata+QEMU / Kata+Firecracker).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
docs/dev/plans/TODO.md: 4 additions & 16 deletions
@@ -119,24 +119,12 @@ The main binary retains ownership of sandbox directories (written as the calling
119
119
120
120
See [linux-vm-backends research](../research/linux-vm-backends.md) for full analysis.
121
121
122
-
### gVisor integration (`security: gvisor`)
122
+
### ~~gVisor integration (`security: gvisor`)~~ ✅
123
123
124
-
Add an optional `security` config key to profile config. When set to `gvisor`, pass `--runtime=runsc` to `docker run`. Provides meaningful isolation improvement (host kernel not directly reachable by agent code) with no KVM requirement and near-zero integration complexity.
124
+
Implemented as `isolation: container-enhanced`. Passes `--runtime=runsc` to Docker/Podman. Preflight check validates `runsc` binary and Docker runtime registration. Incompatibility with `:overlay` directories is enforced (gVisor VFS2 does not support overlayfs inside the container).
125
125
126
-
Design:
127
-
- Profile config key: `security: standard | gvisor | kata | kata-firecracker` (default: `standard`)
128
-
-`standard` → no change (existing runc behavior)
129
-
-`gvisor` → add `--runtime=runsc` to docker run
130
-
- Preflight check: if `security: gvisor` and `runsc` not found in PATH, fail with actionable error
131
-
- Known incompatibility: agents cannot run Docker-in-Docker inside gVisor sandbox; document this
### Kata Containers integration (`security: kata`)
134
-
135
-
When set to `kata` or `kata-firecracker`, pass `--runtime=kata-qemu` or `--runtime=kata-fc`. Provides hardware VM isolation (separate kernel per sandbox) while keeping full `docker exec` compatibility via kata-agent↔vsock.
136
-
137
-
- Requires KVM on host (excludes standard cloud VMs without nested virt or .metal)
138
-
-~1-2s start overhead, ~100-150 MB per-sandbox VM overhead
139
-
- Same preflight check pattern as gVisor
140
-
- Defer until gVisor integration is validated
128
+
Implemented as `isolation: vm` (Kata+QEMU) and `isolation: vm-enhanced` (Kata+Firecracker) via the containerd backend. Uses `io.containerd.kata.v2` and `io.containerd.kata-fc.v2` shimv2 runtimes. Preflight checks validate Kata shim binary, CNI plugins, and `/dev/kvm`. `vm-enhanced` additionally selects the `devmapper` snapshotter.
141
129
142
130
Not worth building: raw Firecracker backend (requires full orchestration layer — rootfs images, vsock exec daemon, networking). Revisit only if yoloAI targets hosted/SaaS deployment model.
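Review bot: the Kata heading `### Kata Containers integration (`security: kata`)` is left as-is in this hunk while the gVisor heading is struck through and marked ✅; since the commit says both items are done, mark it the same way and update the key in the heading to the `isolation: vm` / `vm-enhanced` naming the new paragraph uses, otherwise the TODO still reads as an open item keyed on the obsolete `security:` option. Also, three caveats from the removed lines have no replacement in the added text: the gVisor Docker-in-Docker limitation ("agents cannot run Docker-in-Docker inside gVisor sandbox; document this"), the KVM availability note ("excludes standard cloud VMs without nested virt or .metal"), and the Kata overhead figures ("~1-2s start overhead, ~100-150 MB per-sandbox VM overhead"); if they were moved to user-facing docs, say where, and if not, keep one line each next to the `:overlay` incompatibility note so operators choosing between `container-enhanced`, `vm` and `vm-enhanced` still see the trade-offs.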