You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Mentorship plan: Improve lifecycle management of sandbox monitors
This discussion outlines the proposed plan for the CNCF mentorship project "Improve lifecycle management of sandbox monitors”.
The plan is structured into three phases. Each phase has clear goals and specific outcomes, along with suggested tasks and sub-tasks to help guide the work. The listed sub-tasks are meant as guidance and reference points, they are not strict requirements. The exact order of tasks within each phase can be adjusted as long as the main outcomes are achieved.
Phase 1
The goal of Phase 1 is to build the necessary background and get familiar with IPC over sockets in linux namespaces. This phase is expected to last up to 3 weeks (08/06/2026 – 29/06/2026).
Tentative tasks and sub-tasks
Theoretical background (Linux namespaces):
Read and get familiar with Linux namespaces
Identify the namespaces that affect IPC and how they could potentially create issues with the socket API for the VMMs.
Get familiar with how urunc uses Linux namespaces and its execution model
Explore other sandbox runtimes
Explore how Kata containers and containerd-firecracker make use of VMM socket
A first PoC of using sockets for one VMM of your choice
Perform the necessary changes to use a socket when spawning the VMM
Identify where the socket will leave and which processes will be allowed to use the socket
IProvide a PoC if connection to the VMM socker after container started
Outcome
Deadline: Completed no later than 28/06/2026 (AoE). Description: A report with the:
theoretical background for Linux namespaces, how they affect unix sockets and where the socket would live and any connection constraints.
A PoC with sockets exposed when starting a new container
Phase 2
The goal of Phase 2 is to extend the quick PoC above to a proper solution which will be integrated in urunc. This phase is expected to last up to 4 weeks (29/06/2026 – 27/07/2026). During this time, the focus will shift to a proper design and implementation of a solution for all monitors
Tentative tasks and sub-tasks
Analyze the following two options
Using the VMM socket to setup the whole VM
Simply appending the VMM socket in the cli options
Identify the side effects of each solution
Design and provide a quick implementation of a solution for using the VMM socket
Quick PoC with the implementation
Evaluation for spawn time between the two approaches
Implement the selected approach for all monitors (that support socket API):
For each monitor create and merge a PR to add support for the new socket
A design document with the handling of the VMM lifecycle
Using Firecracker's API resolve the issue of graceful shutdown for Linux-based VMs
Explore other monitors support similar functionality through their API.
Outcomes
Deadline: Completed no later than 26/06/2026 (AoE). Description: The following items:
open PRs for each monitor
The design document for the new VMM lifecycle management
Phase 3
The goal of Phase 3 is to utilize the VMM API for adding support for CRIU. This phase is expected to last up to 4 weeks (27/07/2026 – 31/08/2026). During this time, the focus will shift to utilizing the monitor's API for creating and restoring snapshots and integrating this workflow with CRIU.
Tentative tasks and sub-tasks
Get familiar with snapshots:
For each monitor that supports snapshots get familiar with the API to create snapshots and spawn VMs throufh snapshots.
COme up with a plan for the changes required in urunc for such support.
Get familiar with CRIU:
Explore and get familiar with the container workflows that add support for CRIU.
Identofy the missing parts in urunc to add such support
Add support for CRIU in urunc:
Based on the exploration of the previous steps, add support for CRIU in urunc
Open the respective PRs
Testing and evaluation of CRIU in urunc (time permitted):
Provide sufficient testing for the new CRIU feature
Perform evaluation measuring the support for CRIU in urunc compared to containers and other sandbox container runtimes.
Outcomes
Deadline: Completed no later than 31/08/2026 (AoE). Description: The following items:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Mentorship plan: Improve lifecycle management of sandbox monitors
This discussion outlines the proposed plan for the CNCF mentorship project "Improve lifecycle management of sandbox monitors”.
The plan is structured into three phases. Each phase has clear goals and specific outcomes, along with suggested tasks and sub-tasks to help guide the work. The listed sub-tasks are meant as guidance and reference points, they are not strict requirements. The exact order of tasks within each phase can be adjusted as long as the main outcomes are achieved.
Phase 1
The goal of Phase 1 is to build the necessary background and get familiar with IPC over sockets in linux namespaces. This phase is expected to last up to 3 weeks (08/06/2026 – 29/06/2026).
Tentative tasks and sub-tasks
Outcome
Deadline: Completed no later than 28/06/2026 (AoE).
Description: A report with the:
Phase 2
The goal of Phase 2 is to extend the quick PoC above to a proper solution which will be integrated in urunc. This phase is expected to last up to 4 weeks (29/06/2026 – 27/07/2026). During this time, the focus will shift to a proper design and implementation of a solution for all monitors
Tentative tasks and sub-tasks
Outcomes
Deadline: Completed no later than 26/06/2026 (AoE).
Description: The following items:
Phase 3
The goal of Phase 3 is to utilize the VMM API for adding support for CRIU. This phase is expected to last up to 4 weeks (27/07/2026 – 31/08/2026). During this time, the focus will shift to utilizing the monitor's API for creating and restoring snapshots and integrating this workflow with CRIU.
Tentative tasks and sub-tasks
Outcomes
Deadline: Completed no later than 31/08/2026 (AoE).
Description: The following items:
Beta Was this translation helpful? Give feedback.
All reactions