I did this once for an experimental project and found it really difficult to keep the version of gVisor I was using up to date, since it seems like the API is extremely volatile. Anyone else had this experience? If so, is there some way around it that I don't know? Or did I just try it at a bad point in the development timeline?
That's just how Google operates in my experience... Avoid Google libraries unless absolutely necessary, and if you do adopt Google libraries, be prepared to either be forever multiple years out of date or spend significant resources on keeping it up to date.
It could be that you happened to find a period of rapid change, but it is also possible that you ran into the issue that raggi mentioned in the sibling comment.
Hey Ian, long time. Is there any chance y'all could swap out main so that main contains the generated code version?
I don't know the status on those export tools these days as I left the company years ago, but if they could sync with a different branch.
This would help various folks quite a bit, as for example tsnet users often fall into the trap of trying to do `go get -u`, which then pulls a non-functional gvisor version.
I don't work on gVisor anymore. That said, I think it would be a tough sell. It would be a pretty big breaking change. Also, there is already a problem with people trying to send patches against the go branch and making it the default would make that much worse.
I think the solution is an automatically exported repository at a different path. Kind of (or maybe exactly) like what Tailscale/bradfitz used to maintain.
> That obviously doesn't work for a linux-on-fuchsia compat layer.
This isn’t actually true. gVisor contains full implementations of Linux syscalls and only relies on host syscalls being the same for some interoperability features between sandboxed and host applications. It would be completely possible to port gVisor to a non-Linux operating system.
Right, it would be silly to intercept the syscalls and just pass them on as is to the host kernel. If you just want to validate/filter things for security reasons, there are existing Linux APIs for that.
Stairwell Inc. | REMOTE USA, VISA | Full-Time
Stairwell is seed funded and recently came out of stealth mode as a new cybersecurity company that seeks to empower any team to defend against every attacker. It is composed of security industry leaders and engineers from Microsoft and Google and is backed by Accel, Sequoia Capital, Allen & Company, and Gradient Ventures.
I used 20% time for things that were related to my work, but out of scope for my team. For example, I wrote a DNS library in Go for work and then I open sourced it [1] and used it to rewrite the standard library DNS client [2] as a 20% project. It actually worked out really well for me. The promo committee specifically called out my DNS project when they approved my promotion and ignored the stuff that I had been doing for my team.
https://github.com/google/gvisor/tree/go
`go get gvisor.dev/gvisor/pkg/tcpip@go`
The go branch is auto generated with all of the generated code checked in.