What is gVisor?
It has been a really long time since I last wrote something here, as life happens, things get busier, etc. I am now trying to get back into writing things down, and here we go! So, imagine a tool or a service that allows you to run some arbitrary code via a shell, either through SSH or, more commonly, via a web terminal. How do these tools isolate your code from other people's code, and vice versa? How come you cannot see other people's code or processes?
Because the Sentry (gVisor's user-space kernel) is written in Go, a memory-safe language, it avoids many of the common security pitfalls found in C-based kernels (buffer overflows, use-after-free, and so on). From the Sentry's perspective, sleep infinity is certainly a process running within its emulated kernel environment (as seen in your container's ps aux output).

List of use cases/users from the official site

The first generation of GCP Cloud Run used gVisor, as noted here, but I read that they have since moved back to hypervisors/plain Linux kernel because it is more performant for more common workloads.