An application kernel for containers that provides efficient defense-in-depth
gVisor is an application kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers.
gVisor allows execution of unmodified binaries by intercepting application system calls and emulating them. gVisor may be thought of as either a merged guest kernel and VMM, or as a more capable seccomp sandbox. This allows it to provide a flexible resource footprint compared to traditional virtualization (i.e. one based on threads and memory mappings, not fixed guest physical resources) while also lowering the fixed costs of virtualization.
gVisor 2021 Projects
System V Message QueuesLinux provides two message queue implementations, System V message queues, and POSIX message queues, none of which are currently implemented in...