author | gVisor bot <gvisor-bot@google.com> | 2020-09-24 13:42:34 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-09-24 13:42:34 -0700 |
commit | 5f8c653542641408a0d3a045d645e06883b7ac91 (patch) | |
tree | 0c23a385ef4b201427d677fb1b256cae64b2f19e /g3doc | |
parent | 90d9d0e7bded652b8de4d48b1ca8b5a771b6a0d9 (diff) | |
parent | b8793582d61dc4096f452ab7d3f70dc2963b3c3d (diff) |
Merge pull request #4019 from didier-durand:patch-2
PiperOrigin-RevId: 333588387
Diffstat (limited to 'g3doc')
-rw-r--r-- | g3doc/architecture_guide/resources.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/g3doc/architecture_guide/resources.md b/g3doc/architecture_guide/resources.md index 1dec37bd1..fc997d40c 100644 --- a/g3doc/architecture_guide/resources.md +++ b/g3doc/architecture_guide/resources.md @@ -19,12 +19,12 @@ sandboxed process: Much like a Virtual Machine (VM), a gVisor sandbox appears as an opaque process on the system. Processes within the sandbox do not manifest as processes on the -host system, and process-level interactions within the sandbox requires entering +host system, and process-level interactions within the sandbox require entering the sandbox (e.g. via a [Docker exec][exec]). ## Networking -The sandbox attaches a network endpoint to the system, but runs it's own network +The sandbox attaches a network endpoint to the system, but runs its own network stack. All network resources, other than packets in flight on the host, exist only inside the sandbox, bound by relevant resource limits. |
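Review bot: In the first changed sentence ("+host system, and process-level interactions within the sandbox require entering"), the verb agreement fix is correct, but the unchanged continuation "(e.g. via a [Docker exec][exec])" still reads awkwardly with the article "a" in front of a command name. Since the sentence is being touched anyway, consider "e.g. via [`docker exec`][exec]". The "it's" to "its" change under Networking is fine as written. The merge subject only names the source branch (didier-durand:patch-2), so a one-line summary of the change, for example "Fix grammar in resources.md", would make this commit easier to find in the history.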