2019-03-30 02:40:11 +00:00
+++
title = "gVisor"
linkTitle = "gVisor"
description = "A container sandbox runtime focused on security, efficiency, and ease of use."
+++
{{< blocks / cover image_anchor = "top" height = "auto" color = "primary" title = "gVisor" > }}
2019-04-01 00:18:04 +00:00
< div class = "mx-auto" >
< p class = "lead" > A container sandbox runtime focused on < strong > security< / strong > , < strong > efficiency< / strong > , and < strong > ease of use< / strong > .< / p >
< a class = "btn btn-lg btn-primary mr-3 mb-4" href = "./docs/user_guide/docker/" > Quick Start< i class = "fas fa-arrow-alt-circle-right ml-2" > < / i > < / a >
2019-04-02 17:26:27 +00:00
< a class = "btn btn-lg btn-secondary mr-3 mb-4" href = "https://github.com/google/gvisor" rel = "noopener" > GitHub < i class = "fab fa-github ml-2" > < / i > < / a >
2019-03-30 02:40:11 +00:00
< / div >
{{< /blocks/cover >}}
{{% blocks/lead color="secondary" %}}
2019-04-03 07:14:55 +00:00
gVisor is an open-source, < a href = "https://www.opencontainers.org/" target = "_blank" rel = "noopener" > OCI-compatible< / a > sandbox runtime that provides a virtualized container environment. It runs containers with a new < a href = "https://en.wikipedia.org/wiki/User_space" target = "_blank" rel = "noopener" > user-space< / a > kernel, delivering a low overhead container security solution for high-density applications.
2019-03-30 02:40:11 +00:00
gVisor integrates with < a href = "https://www.docker.com/" target = "_blank" rel = "noopener" > Docker< / a > , < a href = "https://containerd.io/" target = "_blank" rel = "noopener" > containerd< / a > and < a href = "https://kubernetes.io/" target = "_blank" rel = "noopener" > Kubernetes< / a > , making it easier to improve the security isolation of your containers while still using familiar tooling. Additionally, gVisor supports a variety of underlying mechanisms for intercepting application calls, allowing it to run in diverse host environments, including cloud-hosted virtual machines.
{{% /blocks/lead %}}
{{< blocks / section color = "dark" > }}
2019-04-24 02:12:56 +00:00
{{% blocks/feature icon="fas fa-lock" title="Defense in Depth" %}}
2019-03-30 02:40:11 +00:00
Each sandbox has its own user-space kernel, providing additional protection from host kernel vulnerabilities.
2019-04-24 02:12:56 +00:00
{{% /blocks/feature %}}
2019-03-30 02:40:11 +00:00
2019-04-24 02:12:56 +00:00
{{% blocks/feature icon="fas fa-feather-alt" title="Lightweight" %}}
2019-03-30 02:40:11 +00:00
Runs as a normal process and uses the host kernel for memory management and scheduling.
2019-04-24 02:12:56 +00:00
{{% /blocks/feature %}}
2019-03-30 02:40:11 +00:00
2019-04-24 02:12:56 +00:00
{{% blocks/feature icon="fab fa-linux" title="Zero Configuration" %}}
2019-04-02 17:26:27 +00:00
Capable of running most Linux applications unmodified, with zero configuration.
2019-04-24 02:12:56 +00:00
{{% /blocks/feature %}}
2019-03-30 02:40:11 +00:00
{{< /blocks/section >}}
{{< blocks / section color = "white" > }}
2019-04-24 02:12:56 +00:00
{{% blocks/feature icon="fas fa-book" title="Read the Docs" %}}
2019-04-02 20:42:14 +00:00
Read the [documentation](./docs/) to understand gVisor, its architecture and trade-offs, and how to use it.
2019-04-24 02:12:56 +00:00
{{% /blocks/feature %}}
2019-03-30 02:40:11 +00:00
2019-04-24 02:12:56 +00:00
{{% blocks/feature icon="fas fa-code-branch" title="Contribute to gVisor" %}}
2019-03-30 02:40:11 +00:00
Anyone is welcome to be a gVisor contributor. Please check out the [community information](./docs/community) to get started.
2019-04-24 02:12:56 +00:00
{{% /blocks/feature %}}
2019-03-30 02:40:11 +00:00
2019-04-24 02:12:56 +00:00
{{% blocks/feature icon="fab fa-github" title="Give Feedback" %}}
2019-03-30 02:40:11 +00:00
File feature requests, bugs, and compatibility issues on < a href = "https://github.com/google/gvisor/issues" target = "_blank" rel = "noopener" > GitHub< / a > .
2019-04-24 02:12:56 +00:00
{{% /blocks/feature %}}
2019-03-30 02:40:11 +00:00
{{< /blocks/section >}}