Google Open Sources gVisor, A Sandboxed Container Runtime
by cobra_admin
Thanks to Docker, containers are everywhere now. But, while containers have revolutionized how we develop, package, and deploy applications, we’ve not done a great job of securing them. That’s where Google has a new answer in locking down containers: gVisor.
With gVisor, Google has introduced a new way to sandbox containers. These are containers that provide a secure isolation boundary between the host operating system and the application running within the container.
It does this by providing a Linux user-space kernel, written in Go, that implements a substantial portion of the Linux system surface and intercepts the system calls made by containerized programs.