+++
title = "gVisor"
linkTitle = "gVisor"
description = "A container sandbox runtime focused on security, efficiency, and ease of use."
+++
{{< blocks/cover image_anchor="top" height="auto" color="primary" title="gVisor" >}}
<div class="mx-auto">
<p class="lead">A container sandbox runtime focused on <strong>security</strong>, <strong>efficiency</strong>, and <strong>ease of use</strong>.</p>
<a class="btn btn-lg btn-primary mr-3 mb-4" href="./docs/user_guide/docker/" >Quick Start<i class="fas fa-arrow-alt-circle-right ml-2"></i></a>
<a class="btn btn-lg btn-secondary mr-3 mb-4" href="https://github.com/google/gvisor" rel="noopener">GitHub <i class="fab fa-github ml-2"></i></a>
</div>
{{< /blocks/cover >}}
{{% blocks/lead color="secondary" %}}
gVisor is an open-source, <a href="https://www.opencontainers.org/" target="_blank" rel="noopener">OCI-compatible</a> sandbox runtime that provides a virtualized container environment. It runs containers with a new <a href="https://en.wikipedia.org/wiki/User_space" target="_blank" rel="noopener">user-space</a> kernel, delivering a low-overhead container security solution for high-density applications.
gVisor integrates with <a href="https://www.docker.com/" target="_blank" rel="noopener">Docker</a>, <a href="https://containerd.io/" target="_blank" rel="noopener">containerd</a> and <a href="https://kubernetes.io/" target="_blank" rel="noopener">Kubernetes</a>, making it easier to improve the security isolation of your containers while still using familiar tooling. Additionally, gVisor supports a variety of underlying mechanisms for intercepting application calls, allowing it to run in diverse host environments, including cloud-hosted virtual machines.
{{% /blocks/lead %}}
{{< blocks/section color="dark" >}}
{{< blocks/feature icon="fas fa-lock" title="Defense in Depth" >}}
Each sandbox has its own user-space kernel, providing additional protection from host kernel vulnerabilities.
{{< /blocks/feature >}}
{{< blocks/feature icon="fas fa-feather-alt" title="Lightweight" >}}
Runs as a normal process and uses the host kernel for memory management and scheduling.
{{< /blocks/feature >}}
{{< blocks/feature icon="fab fa-linux" title="Zero Configuration" >}}
Capable of running most Linux applications unmodified, with zero configuration.
{{< /blocks/feature >}}
{{< /blocks/section >}}
{{< blocks/section color="white" >}}
{{< blocks/feature icon="fas fa-book" title="Read the Docs" >}}
Read the [documentation](./docs/) to understand gVisor, its architecture and trade-offs, and how to use it.
{{< /blocks/feature >}}
{{< blocks/feature icon="fas fa-code-branch" title="Contribute to gVisor" >}}
Anyone is welcome to be a gVisor contributor. Please check out the [community information](./docs/community) to get started.
{{< /blocks/feature >}}
{{< blocks/feature icon="fab fa-github" title="Give Feedback" >}}
File feature requests, bugs, and compatibility issues on <a href="https://github.com/google/gvisor/issues" target="_blank" rel="noopener">GitHub</a>.
{{< /blocks/feature >}}
{{< /blocks/section >}}