gVisor
gVisor is a container sandbox developed by Google that focuses on security, efficiency and ease of use. gVisor implements around 200 of the Linux system calls in userspace, for additional security compared to containers that run directly on top of the Linux kernel and are isolated with namespaces. Unlike the Linux kernel, gVisor is written in the memory-safe programming language Go to prevent common pitfalls which frequently occur in software written in C. According to Google and Brad Fitzpatrick, gVisor is used in Google's production environment including the App Engine standard environment, Cloud Functions, Cloud ML Engine and Google Cloud Run. Most recently, gVisor was integrated with Google Kubernetes Engine, allowing users to sandbox their Kubernetes pods for use cases like SaaS and multitenancy.
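As an added illustration of the Kubernetes integration described above, here is a RuntimeClass and Pod manifest written for this page (it is not taken from the article or from the gVisor project). It assumes that gVisor's OCI runtime binary, runsc, is already registered with the node's container runtime under the handler name `runsc`, and the node label used in the selector is a placeholder chosen for this example.

```yaml
# Added example, not from the article: a RuntimeClass that maps the name
# "gvisor" to the runsc handler. On GKE Sandbox a RuntimeClass named "gvisor"
# is provided by the platform, so only the Pod below is needed there.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc                       # handler name registered in containerd/CRI-O (assumed)
scheduling:
  nodeSelector:
    example.org/sandbox: gvisor      # placeholder label for nodes that have runsc installed
---
# A Pod opted into the sandbox. System calls made by its containers are
# served by gVisor's userspace kernel rather than by the host Linux kernel.
apiVersion: v1
kind: Pod
metadata:
  name: sandboxed-app                # hypothetical name
spec:
  runtimeClassName: gvisor
  containers:
  - name: app
    image: nginx:stable              # placeholder image
```

Apply it with `kubectl apply -f` and confirm that the Pod actually landed in the sandbox with `kubectl exec sandboxed-app -- dmesg`: inside gVisor this prints the sandbox's own kernel log instead of the host's. The `scheduling.nodeSelector` on the RuntimeClass keeps sandboxed Pods off nodes that lack the runsc handler, where they would otherwise fail to start.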

