Google gvisor container runtime sandbox

Gvisor was released 5 months ago and promoted with Google Cloud Platform's push for python3.7 support. Google identified the need for a user-space kernel to act as a sandbox in container/docker environments. Gvisor is written in Golang, provides a swop in runtime for docker and provides a additional layer of kernel protection from your executed code. Google's gvisor aims to protect the host kernel with “employs rule-based execution to provide defense-in-depth”. Will cover a quick intro and how easy it is to get going with gvisor.



Christo Goosen

By day I work in a Insuretech ( startup, by night a OWASP CPT and Bsides CPT organizer. I love devops, scale and security. Love to see security as part of the process and an enabler, rather than a blocker.