gVisor

E699829

gVisor is a user-space kernel (the Sentry) that adds an isolation boundary around containerized applications: it intercepts the container's system calls and implements them itself, so the workload's syscall surface is no longer exposed directly to the host kernel. This reduces the host kernel attack surface available to a container and is why it is used as a sandboxed container runtime.


Statements (48)

Predicate: Object
instanceOf: container sandbox
instanceOf: open-source software project
instanceOf: user-space kernel
aimsTo: enhance container security
aimsTo: reduce host kernel attack surface
canBeUsedAs: Docker alternative runtime
canBeUsedAs: Kubernetes sandboxed runtime
category: container security technology
category: virtualization technology
compatibleWith: Docker
compatibleWith: Kubernetes
compatibleWith: containerd
designedFor: multi-tenant environments
designedFor: untrusted workloads
developedBy: Google
documentationURL: https://gvisor.dev
hasComponent: Gofer
hasComponent: Sentry
hasComponent: runsc
implements: system call emulation
implements: system call interception
introducedBy: Google Cloud team
isolates: container workloads from host kernel
license: Apache License 2.0
programmingLanguage: Go
provides: additional isolation boundary for containerized applications
provides: user-space kernel for containers
reduces: kernel attack surface exposed to containers
repositoryHostedOn: GitHub
runsIn: user space
runsOn: Linux hosts
securityModel: application-level virtualization
sourceCodeRepository: https://github.com/google/gvisor
supports: ARM64 architecture
supports: Kubernetes RuntimeClass integration
supports: Linux containers
supports: OCI-compatible containers
supports: networking via its own user-space network stack (netstack)
supports: host file access via the Gofer process (an in-sandbox overlay file system is a separate runsc option, not something Gofer provides)
supports: rootless containers
supports: runsc runtime
supports: x86_64 architecture
useCase: hardening container runtimes
useCase: multi-tenant PaaS isolation
useCase: running untrusted code safely
uses: seccomp-bpf to restrict the host system calls the Sentry itself may make (application system calls are intercepted by a platform such as ptrace, KVM or systrap, not by seccomp)
virtualizes: Linux system call interface
writtenIn: Go
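The deployment path the canBeUsedAs and supports statements above describe (registering runsc with Docker, exposing it to Kubernetes through a RuntimeClass, and checking that a container is really sandboxed), written out as an added example that is not code from the gVisor project or from this page. Assumptions, not facts from the page: runsc is already installed on PATH, the containerd CRI plugin on each node has a runtime handler named runsc, the RuntimeClass name gvisor is our own choice, and the dmesg sample lines are constructed, not captured.

```shell
#!/bin/sh
# Added example, not code from the gVisor project: wire runsc into Docker and
# Kubernetes and check that a container really runs under gVisor.
# Assumptions: runsc is installed on PATH; the containerd CRI plugin on each
# node has a runtime handler named "runsc"; the RuntimeClass name "gvisor"
# is our own choice.

# Docker: `runsc install` adds a "runsc" entry to /etc/docker/daemon.json and
# Docker must be reloaded afterwards. Any container can then opt in with
# --runtime=runsc. (Not executed at top level: needs root and a Docker daemon.)
register_runsc_with_docker() {
    sudo runsc install
    sudo systemctl reload docker
    docker run --rm --runtime=runsc alpine dmesg
}

# Kubernetes: a RuntimeClass maps the name used in pod specs to the node-level
# runtime handler; a pod opts in with runtimeClassName. Printed so that it can
# be piped into `kubectl apply -f -`.
kubernetes_gvisor_manifests() {
    cat <<'EOF'
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor          # assumed name; any name works
handler: runsc          # must match the containerd runtime handler on the node
---
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-job
spec:
  runtimeClassName: gvisor
  containers:
  - name: worker
    image: alpine
    command: ["dmesg"]
EOF
}

# Verification: inside a gVisor sandbox, dmesg prints the Sentry's own boot
# banner rather than the host kernel log. A container that silently fell back
# to runc prints the host's dmesg (or nothing, if unprivileged).
looks_like_gvisor() {
    printf '%s\n' "$1" | grep -q 'Starting gVisor'
}

# Constructed sample output for an offline check (shape of real output only).
SAMPLE_GVISOR_DMESG='[    0.000000] Starting gVisor...
[    0.123456] Checking naughty and nice process list...
[    0.234567] Ready!'
SAMPLE_HOST_DMESG='[    0.000000] Linux version 6.1.0 (gcc 12.2.0) #1 SMP'

if looks_like_gvisor "$SAMPLE_GVISOR_DMESG"; then
    echo "sample 1: sandboxed by gVisor"
fi
if ! looks_like_gvisor "$SAMPLE_HOST_DMESG"; then
    echo "sample 2: NOT sandboxed (host kernel log)"
fi
```

The dmesg check is the cheap post-deployment test worth automating: a RuntimeClass whose handler name does not match the node's containerd configuration fails the pod, but a Docker daemon.json that was never reloaded silently keeps running containers under runc, and only the banner tells the two apart.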

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

CRI-O supportsRuntime gVisor