Diffstat (limited to '')
1 files changed, 4 insertions, 147 deletions
diff --git a/ b/
index f0252025c..d12ba732d 100644
--- a/
+++ b/
@@ -1,148 +1,5 @@
+# gVisor
-## What is gVisor?
-**gVisor** is a user-space kernel, written in Go, that implements a substantial
-portion of the Linux system surface. It includes an
-[Open Container Initiative (OCI)][oci] runtime called `runsc` that provides an
-isolation boundary between the application and the host kernel. The `runsc`
-runtime integrates with Docker and Kubernetes, making it simple to run sandboxed
-## Why does gVisor exist?
-Containers are not a [**sandbox**][sandbox]. While containers have
-revolutionized how we develop, package, and deploy applications, running
-untrusted or potentially malicious code without additional isolation is not a
-good idea. The efficiency and performance gains from using a single, shared
-kernel also mean that container escape is possible with a single vulnerability.
-gVisor is a user-space kernel for containers. It limits the host kernel surface
-accessible to the application while still giving the application access to all
-the features it expects. Unlike most kernels, gVisor does not assume or require
-a fixed set of physical resources; instead, it leverages existing host kernel
-functionality and runs as a normal user-space process. In other words, gVisor
-implements Linux by way of Linux.
-gVisor should not be confused with technologies and tools to harden containers
-against external threats, provide additional integrity checks, or limit the
-scope of access for a service. One should always be careful about what data is
-made available to a container.
-## Documentation
-User documentation and technical architecture, including quick start guides, can
-be found at [][gvisor-dev].
-## Installing from source
-gVisor currently requires x86\_64 Linux to build, though support for other
-architectures may become available in the future.
-### Requirements
-Make sure the following dependencies are installed:
-* Linux 4.14.77+ ([older linux][old-linux])
-* [git][git]
-* [Bazel][bazel] 0.23.0+
-* [Python][python]
-* [Docker version 17.09.0 or greater][docker]
-* Gold linker (e.g. `binutils-gold` package on Ubuntu)
-### Getting the source
-Clone the repository:
-git clone gvisor
-cd gvisor
-### Building
-Build and install the `runsc` binary:
-bazel build runsc
-sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin
-If you don't want to install bazel on your system, you can build runsc in a
-Docker container:
-make runsc
-sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin
-### Testing
-The test suite can be run with Bazel:
-bazel test ...
-or in a Docker container:
-make unit-tests
-make tests
-### Using remote execution
-If you have a [Remote Build Execution][rbe] environment, you can use it to speed
-up build and test cycles.
-You must authenticate with the project first:
-gcloud auth application-default login --no-launch-browser
-Then invoke bazel with the following flags:
-You can also add those flags to your local ~/.bazelrc to avoid needing to
-specify them each time on the command line.
-## Community & Governance
-The governance model is documented in our [community][community] repository.
-The [gvisor-users mailing list][gvisor-users-list] and
-[gvisor-dev mailing list][gvisor-dev-list] are good starting points for
-questions and discussion.
-## Security
-Sensitive security-related questions, comments and disclosures can be sent to
-the [gvisor-security mailing list][gvisor-security-list]. The full security
-disclosure policy is defined in the [community][community] repository.
-## Contributing
-See [](
+This branch is a synthetic branch, containing only Go sources, that is
+compatible with standard Go tools. See the `master` branch for authoritative
+sources and tests.
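Review bot: The four added lines at the end of this hunk replace the whole README, including the removed "## Security" section, so anyone who reaches this branch through standard Go tools no longer sees where to send sensitive reports. Consider keeping a one-line pointer to the gvisor-security mailing list, or stating explicitly that the security disclosure policy lives with the `master` README, right after "See the `master` branch for authoritative sources and tests." Since the text calls this a synthetic branch, it would also help to say in the same place that bug reports and changes belong against `master`, so nothing gets filed or patched against sources that are not authoritative.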