
Linux gVisor live runner

Covenant has an initial Linux gVisor runtime runner, but production sandbox claims require reproducible live validation. This guide defines the host contract for the opt-in runsc test path.

What it validates

  • OCI bundle generation for a sandbox-required agent.
  • Real runsc run --bundle dispatch through the runtime crate.
  • Read-only package mount at /workspace and read-only root filesystem.
  • Network namespace isolation for the current network-off policy.
  • No fallback to trusted-local execution when sandbox startup fails.
  • Cleanup of the temporary bundle directory after execution.

Supported manifest subset

Field                  Supported value
[sandbox].backend      linux-gvisor
[sandbox].filesystem   read-only-package
[resources].network    off

Other sandbox policies still fail closed until their enforcement exists in code.
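The properties listed under "What it validates" and the fail-closed rule for the manifest subset, as an added illustration that is not Covenant's runtime crate: the manifest keys, the /workspace mount, the read-only rootfs and the network-off policy come from this page, and config.json follows the OCI runtime spec that runsc consumes; function names, the manifest dictionary layout and the injected runsc callable are assumed for illustration.

```python
# Added example (not Covenant's runtime crate); names and layout are assumed.
import json
import os
import shutil
import tempfile

# The only manifest subset enforced in code; any other policy fails closed.
SUPPORTED = {("sandbox", "backend"): "linux-gvisor",
             ("sandbox", "filesystem"): "read-only-package",
             ("resources", "network"): "off"}

def check_manifest(manifest: dict) -> list[str]:
    """Return the policies this runner cannot enforce; empty means accepted."""
    errors = []
    for table, keys in manifest.items():
        for key, value in keys.items():
            if SUPPORTED.get((table, key)) != value:
                errors.append(f"[{table}].{key}={value!r} has no enforcement")
    return errors

def bundle_config(package_dir: str, argv: list[str]) -> dict:
    """OCI config.json: read-only root, read-only package at /workspace, own netns."""
    return {
        "ociVersion": "1.0.2",
        "process": {"args": argv, "cwd": "/workspace", "env": ["PATH=/usr/bin:/bin"]},
        "root": {"path": "rootfs", "readonly": True},
        "mounts": [{"destination": "/workspace", "type": "bind",
                    "source": package_dir, "options": ["rbind", "ro"]}],
        # A fresh network namespace with no interfaces implements network=off.
        "linux": {"namespaces": [{"type": t} for t in
                                 ("pid", "network", "mount", "ipc", "uts")]},
    }

def run_in_bundle(cfg: dict, rootfs: str, runsc) -> int:
    """Write a temp bundle, dispatch `runsc run --bundle`, always clean up.
    Startup failure raises: there is no fallback to trusted-local execution."""
    bundle = tempfile.mkdtemp(prefix="covenant-bundle-")
    try:
        os.symlink(rootfs, os.path.join(bundle, "rootfs"))
        with open(os.path.join(bundle, "config.json"), "w") as f:
            json.dump(cfg, f)
        rc = runsc(["run", "--bundle", bundle, "covenant-live"])
        if rc != 0:
            raise RuntimeError(f"sandbox startup failed (exit {rc}); not falling back")
        return rc
    finally:
        shutil.rmtree(bundle, ignore_errors=True)  # never leave the bundle behind
```

In the live test the `runsc` callable is the real binary from COVENANT_LIVE_RUNSC; here it is injected so the bundle, cleanup and no-fallback behaviour can be checked without a host that can create namespaces.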

Host requirements

  • Linux host.
  • Rust stable.
  • runsc installed and executable by the test user.
  • Root filesystem directory containing /bin/sh.
  • Host permissions that allow runsc to create the required namespaces.

Rootfs smoke setup

mkdir -p .covenant-live/rootfs
image="${COVENANT_LIVE_ROOTFS_IMAGE:-alpine:3.20}"
cid="$(docker create "$image")"
docker export "$cid" | tar -C .covenant-live/rootfs -xf -
docker rm "$cid"
export COVENANT_LIVE_GVISOR_ROOTFS="$PWD/.covenant-live/rootfs"
test -x "$COVENANT_LIVE_GVISOR_ROOTFS/bin/sh"

Run the test

cd agent-os
export COVENANT_LIVE_GVISOR_ROOTFS="$PWD/../.covenant-live/rootfs"
export COVENANT_LIVE_RUNSC="${COVENANT_LIVE_RUNSC:-runsc}"
"$COVENANT_LIVE_RUNSC" --version
test -x "$COVENANT_LIVE_GVISOR_ROOTFS/bin/sh"
cargo test -p covenant-runtime --test live_gvisor -- --ignored live_gvisor_runner_dispatches_with_runsc

CI adoption criteria

  • Dedicated Linux runner image or setup step with runsc.
  • Pinned rootfs artifact that includes /bin/sh.
  • Captured runsc --version and rootfs provenance.
  • No dependence on operator home directories or credential stores.
  • Failure policy scoped to sandbox-runtime changes until the runner is stable.
