508e25b6d6
This adapts the merged website repository to use the image and bazel build framework. It explicitly avoids the container_image rules provided by bazel, opting instead to build with direct docker commands when necessary. The relevant build commands are incorporated into the top-level Makefile. |
||
|---|---|---|
| .. | ||
| architecture_guide | ||
| user_guide | ||
| BUILD | ||
| README.md | ||
| community.md | ||
| logo.png | ||
| logo.txt | ||
| roadmap.md | ||
README.md
What is gVisor?
gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running applications and the host operating system.
gVisor includes an Open Container Initiative (OCI) runtime called runsc
that makes it easy to work with existing container tooling. The runsc runtime
integrates with Docker and Kubernetes, making it simple to run sandboxed
containers.
gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape.
gVisor can be used with Docker, Kubernetes, or directly using runsc. Use the
links below to see detailed instructions for each of them:
- Docker: The quickest and easiest way to get started.
- Kubernetes: Isolate Pods in your K8s cluster with gVisor.
- OCI Quick Start: Expert mode. Customize gVisor for your environment.