| gVisor | |
|---|---|
| Developer | |
| Initial release | 2 May 2018; 7 years ago (2018-05-02) |
| Repository | github |
| Written in | Go |
| Operating system | Linux |
| License | Apache License 2.0 |
| Website | gvisor |

gVisor is a container sandbox developed by Google that focuses on security, efficiency and ease of use.[1][2] gVisor implements around 200 of the Linux system calls in userspace, for additional security compared to containers that run directly on top of the Linux kernel and are isolated with namespaces.[3][4] Unlike the Linux kernel, gVisor is written in the memory-safe programming language Go to prevent common pitfalls which frequently occur in software written in C.[5]

According to Google[6] and Brad Fitzpatrick,[7] gVisor is used in Google's production environment including the App Engine standard environment, Cloud Functions, Cloud ML Engine and Google Cloud Run.[8] Most recently, gVisor was integrated with Google Kubernetes Engine, allowing users to sandbox their Kubernetes pods for use cases like SaaS and multitenancy.[9]