Linux gVisor live runner

Covenant has an initial Linux gVisor runtime runner, but production sandbox claims require reproducible live validation. This guide defines the host contract for the opt-in runsc test path.

What it validates

  • OCI bundle generation for a sandbox-required agent.
  • Real runsc run --bundle dispatch through the runtime crate.
  • Read-only package mount at /workspace and read-only root filesystem.
  • Network namespace isolation for the current network-off policy.
  • No fallback to trusted-local execution when sandbox startup fails.
  • Cleanup of the temporary bundle directory after execution.

Supported manifest subset

Field                   Supported value
[sandbox].backend       linux-gvisor
[sandbox].filesystem    read-only-package
[resources].network     off

Other sandbox policies still fail closed until their enforcement exists in code.
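As an added illustration (not code from the Covenant runtime crate), the following Python sketches the contract that the "What it validates" list and the manifest subset above describe: the manifest is checked and anything outside the supported subset fails closed, the generated config.json carries a read-only root, a read-only /workspace bind mount and its own network namespace, runsc is dispatched with run --bundle, a non-zero exit is surfaced as an error with no host-side fallback, and the bundle directory is removed afterwards. The manifest dict shape, the helper names and the injectable runner parameter (which stands in for subprocess.run so the failure path can be exercised without runsc) are assumptions made for this example.

```python
"""Sketch of the live-runner bundle contract (added example, not crate code).

Assumptions: the manifest is a dict mirroring the TOML sections, and a
`runner` callable stands in for subprocess.run so the failure path can be
exercised on a machine without runsc.
"""
import json
import shutil
import subprocess
import tempfile
from pathlib import Path

# The only manifest subset this path enforces; any other value fails closed.
SUPPORTED = {
    ("sandbox", "backend"): "linux-gvisor",
    ("sandbox", "filesystem"): "read-only-package",
    ("resources", "network"): "off",
}


class UnsupportedPolicy(Exception):
    """A manifest asked for a policy that has no enforcement in code yet."""


def check_manifest(manifest):
    """Fail closed: every field in SUPPORTED must carry exactly its supported value."""
    for (section, field), want in SUPPORTED.items():
        got = manifest.get(section, {}).get(field)
        if got != want:
            raise UnsupportedPolicy(f"[{section}].{field}={got!r}; only {want!r} is enforced")
    return True


def build_oci_config(rootfs, package_dir, args):
    """OCI runtime config: read-only root, read-only /workspace bind, own network namespace."""
    return {
        "ociVersion": "1.0.2",
        "process": {
            "terminal": False,
            "user": {"uid": 0, "gid": 0},
            "args": list(args),
            "env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
            "cwd": "/workspace",
        },
        "root": {"path": str(rootfs), "readonly": True},
        "mounts": [
            {"destination": "/workspace", "type": "bind",
             "source": str(package_dir), "options": ["rbind", "ro"]},
        ],
        "linux": {
            # A fresh network namespace with no interfaces is what makes "network = off" hold.
            "namespaces": [{"type": t} for t in ("pid", "network", "mount", "ipc", "uts")],
        },
    }


def verify_oci_config(cfg):
    """Return the list of contract violations in a generated config (empty when clean)."""
    problems = []
    if not cfg.get("root", {}).get("readonly"):
        problems.append("root filesystem is writable")
    ws = [m for m in cfg.get("mounts", []) if m.get("destination") == "/workspace"]
    if not ws or "ro" not in ws[0].get("options", []):
        problems.append("/workspace is missing or not read-only")
    ns = {n.get("type") for n in cfg.get("linux", {}).get("namespaces", [])}
    if "network" not in ns:
        problems.append("no network namespace: network-off policy not enforced")
    return problems


def write_bundle(manifest, rootfs, package_dir, args):
    """Create a temporary OCI bundle directory holding config.json."""
    check_manifest(manifest)
    cfg = build_oci_config(rootfs, package_dir, args)
    problems = verify_oci_config(cfg)
    if problems:
        raise RuntimeError("; ".join(problems))
    bundle = Path(tempfile.mkdtemp(prefix="covenant-bundle-"))
    (bundle / "config.json").write_text(json.dumps(cfg, indent=2))
    return bundle


def dispatch(manifest, rootfs, package_dir, args,
             runsc="runsc", container_id="covenant-live", runner=subprocess.run):
    """Run the agent under runsc; fail closed on error and always remove the bundle."""
    bundle = write_bundle(manifest, rootfs, package_dir, args)
    cmd = [runsc, "run", "--bundle", str(bundle), container_id]
    try:
        result = runner(cmd, capture_output=True, text=True)
        if result.returncode != 0:
            # No fallback to trusted-local execution: the caller gets an error, not a host run.
            raise RuntimeError(f"sandbox startup failed ({result.returncode}): {result.stderr.strip()}")
        return result.stdout
    finally:
        shutil.rmtree(bundle, ignore_errors=True)
```

The try/finally around the runsc call is the part worth copying: cleanup of the bundle directory happens on both the success and the failure path, and the failure path raises rather than re-running the agent's arguments on the host.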

Host requirements

  • Linux host.
  • Rust stable.
  • runsc installed and executable by the test user.
  • Root filesystem directory containing /bin/sh.
  • Host permissions that allow runsc to create the required namespaces.

Rootfs smoke setup

# Export a minimal image's filesystem to use as the sandbox rootfs.
mkdir -p .covenant-live/rootfs
image="${COVENANT_LIVE_ROOTFS_IMAGE:-alpine:3.20}"
cid="$(docker create "$image")"
docker export "$cid" | tar -C .covenant-live/rootfs -xf -
docker rm "$cid"
# Point the live test at the rootfs and confirm it carries an executable /bin/sh.
export COVENANT_LIVE_GVISOR_ROOTFS="$PWD/.covenant-live/rootfs"
test -x "$COVENANT_LIVE_GVISOR_ROOTFS/bin/sh"

Run the test

cd agent-os
export COVENANT_LIVE_GVISOR_ROOTFS="$PWD/../.covenant-live/rootfs"
export COVENANT_LIVE_RUNSC="${COVENANT_LIVE_RUNSC:-runsc}"
# Preflight: runsc must be runnable and the rootfs must contain /bin/sh.
"$COVENANT_LIVE_RUNSC" --version
test -x "$COVENANT_LIVE_GVISOR_ROOTFS/bin/sh"
# The live test is ignored by default; --ignored opts in to running it.
cargo test -p covenant-runtime --test live_gvisor -- --ignored live_gvisor_runner_dispatches_with_runsc

CI adoption criteria

  • Dedicated Linux runner image or setup step with runsc.
  • Pinned rootfs artifact that includes /bin/sh.
  • Captured runsc --version and rootfs provenance.
  • No dependence on operator home directories or credential stores.
  • Failure policy scoped to sandbox-runtime changes until the runner is stable.

Related