gVisor is an application kernel written in Go that implements a substantial portion of the Linux system surface. It provides an additional layer of isolation between running applications and the host operating system, intercepting and handling application system calls in user space to reduce the attack surface of the host kernel.
- Type: Index
- Position: Consuming
- Access: Open Source
- Tags: Containers, Kernel, Linux, Open Source, Sandboxing, Security
- Created: 2026-03-26
- Modified: 2026-04-28
gVisor is an open-source application kernel written in Go that provides an additional layer of isolation between containerized applications and the host operating system. It implements a substantial portion of the Linux system call interface in user space, making it compatible with most Linux applications while providing stronger security guarantees than traditional container runtimes. gVisor does not expose REST or gRPC APIs; integration is via the OCI runtime interface (runsc) used by Docker and Kubernetes.
Human URL: https://gvisor.dev/
FN: Kin Lane
Email: kin@apievangelist.com