gVisor: new container runtime with a sandbox

Google has released a new container runtime called gVisor, which promises more security than conventional Linux containers but requires fewer resources than a combination of container and VM (as in runV or Kata Containers). To reach this goal the Google developers have re-implemented most of the Linux syscalls in a userspace process: every container gets its own user-space kernel and its own virtualized devices, so the application's syscalls are served there instead of by the host kernel. In this regard gVisor offers a kind of extreme paravirtualization, Google said.

gVisor can be used as a runtime for Docker as well as Kubernetes, although Kubernetes support is still experimental. Various applications such as Apache, MySQL, MariaDB, Redis and Prometheus have been run successfully under gVisor. Others, such as Elasticsearch, Nginx and PostgreSQL, currently do not work because syscalls they need are not yet implemented.
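As an added example (not from the article or the gVisor project), this is how runsc is registered with Docker and a container started under it; it assumes runsc is installed at /usr/local/bin/runsc and that Docker is managed by systemd.

```shell
#!/bin/sh
# Register gVisor's runsc binary as a Docker runtime and start a container in it.
# Assumption: runsc lives at /usr/local/bin/runsc (override with RUNSC_PATH).
set -eu

RUNSC_PATH="${RUNSC_PATH:-/usr/local/bin/runsc}"

# Write a daemon.json that declares the "runsc" runtime. The target file is a
# parameter so the function can be dry-run against a scratch file.
write_daemon_json() {
  target="$1"
  cat > "$target" <<EOF
{
  "runtimes": {
    "runsc": {
      "path": "$RUNSC_PATH"
    }
  }
}
EOF
}

# After the daemon restart, check that Docker lists runsc among its runtimes.
runtime_registered() {
  docker info 2>/dev/null | grep -qw runsc
}

apply() {
  write_daemon_json /etc/docker/daemon.json
  systemctl restart docker
  runtime_registered || { echo "runsc runtime not registered" >&2; exit 1; }
  # Inside a gVisor sandbox, dmesg shows the user-space kernel's own boot
  # messages rather than the host kernel ring buffer, which confirms the
  # container is not talking to the host kernel directly. Applications that
  # need syscalls gVisor has not implemented yet will fail at this stage.
  docker run --rm --runtime=runsc alpine dmesg
}

# Only change the host when explicitly asked: GVISOR_APPLY=1 sh gvisor-docker.sh
if [ "${GVISOR_APPLY:-0}" = 1 ]; then
  apply
fi
```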

The source code and more information can be found on the gVisor GitHub page.