Open-sourcing gVisor, a sandboxed container runtime

  • May 22, 2018

Containers have revolutionized how we develop, package, and deploy applications. However, the system surface exposed to containers is broad enough that many security experts don’t recommend them for running untrusted or potentially malicious applications. A growing desire to run more heterogeneous and less trusted workloads has created a new interest in sandboxed containers—containers that help provide a secure isolation boundary between the host OS and the application running inside the container.

To that end, we’d like to introduce gVisor, a new kind of sandbox that helps provide secure isolation for containers, while being more lightweight than a virtual machine (VM). gVisor integrates with Docker and Kubernetes, making it simple and easy to run sandboxed containers in production environments.

Source: googleblog.com
