Description: OCI container sandbox runtime focused on security, efficiency, and ease of use
Upstream URL: https://gvisor.dev

After receiving the same error as many people:

docker: Error response from daemon: failed to create shim: OCI runtime create failed: unable to retrieve OCI runtime error (open /var/run/docker/containerd/daemon/io.containerd.runtime.v2.task/moby/fc9b49276ad1768844fce24c42a8e04a1673b2733b0858ca31fcb6bbe228dd26/log.json: no such file or directory): /usr/bin/runsc did not terminate successfully: exit status 1: unknown.

I found a fix after comparing the Docker configuration to my Ubuntu install where gVisor worked fine.

Add the following property/line to /etc/docker/daemon.json:

"exec-opts": ["native.cgroupdriver=cgroupfs"]

By default Arch uses systemd as a driver, which apparently is incompatible with gVisor.

After a sudo systemctl restart docker I can run the hello world program perfectly fine (sudo docker run --rm --runtime=runsc hello-world).
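
Added example, not part of the comment above and not code from the gVisor or Docker projects: a Python helper that merges the exec-opts line into an existing daemon.json without dropping other keys or duplicating the cgroup driver entry. The sample configuration (including its runsc runtimes entry) and the function names are constructed for illustration.

```python
import json
import sys

CGROUP_OPT = "native.cgroupdriver"

# Constructed sample daemon.json: runsc registered, driver set to systemd.
SAMPLE = """{
  "runtimes": {"runsc": {"path": "/usr/bin/runsc"}},
  "exec-opts": ["native.cgroupdriver=systemd"]
}"""


def set_cgroup_driver(daemon_json_text, driver="cgroupfs"):
    """Return daemon.json text whose exec-opts force the given cgroup driver.

    Other top-level keys and other exec-opts are preserved; an existing
    native.cgroupdriver entry is replaced rather than duplicated.
    An empty file is treated as an empty configuration.
    """
    config = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    opts = config.get("exec-opts", [])
    if not isinstance(opts, list):
        raise ValueError('"exec-opts" must be a JSON array')
    kept = [o for o in opts if not str(o).startswith(CGROUP_OPT + "=")]
    kept.append(f"{CGROUP_OPT}={driver}")
    config["exec-opts"] = kept
    return json.dumps(config, indent=2) + "\n"


def exec_opts(daemon_json_text):
    """Return the exec-opts list from daemon.json text (empty if absent)."""
    return json.loads(daemon_json_text).get("exec-opts", [])


if __name__ == "__main__":
    # With a path argument, read that file; otherwise use the sample.
    # The merged result goes to stdout so it can be reviewed before
    # it replaces /etc/docker/daemon.json.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    sys.stdout.write(set_cgroup_driver(text))
```

The daemon only picks up the change after the sudo systemctl restart docker step mentioned in the comment.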

With the recent Podman update, users can use runsc directly without making any changes, and Docker is not the only example available on the gVisor website.

Example: https://gvisor.dev/docs/user_guide/quick_start/oci/

@braderhart