Description
We'd like to basically capture and record the filesystem state of the sandboxee (merged view of upper and lower layer, or just the upper layer contents).
You want to capture the rootfs overlay's upper layer contents? Or are you talking about checkpoint/restore with gVisor (which should already work with all modes of --overlay2 flag)?
Aiming to do the former, but at the same time need to use overlay2 because we're trying to run docker inside gvisor and docker doesn't appear work inside gVisor with
--overlay2=nonedue tofailed to register layer: operation not permittedwhen trying to pull certain images, which I think is due to restrictions of the 9p filesystem? (e.g.,docker pull bitnami/redis:7.0which doesn't work when root filesystem shows9p, but works when it showsoverlay)We currently don't have a way to extract just the rootfs upper layer from the checkpoint image generated by runsc checkpoint. I am (co-incidentally) working on extracting the rootfs upper layer as a TAR file. Would you be interested in that? We could add some API in runsc to invoke that functionality.
Would be interested in that!