Google has released gVisor in 9 months ago, a new kind of sandbox that can be used to provide secure
isolation for containers that is less resource intensive than running a full virtual machine (VM).
At its core, gVisor is an open source user-space kernel, written in Go,
that implements a substantial portion of the Linux system surface.
It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel.
The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed container.
Now, we have enabled gVisor ptrace platform on Arm64 platform. In this presentation, we will introduce and show our progress.
Also we will show a demo of gVisor on Arm64 platform.
Software Engineer at ARM
Software Engineer in Arm Open Source Software team. Mainly focus on Virtualization, Containers and Security.