A container sandbox runtime focused on security, efficiency, and ease of use.

gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low-overhead container security solution for high-density applications.

gVisor integrates with Docker, containerd and Kubernetes, making it easier to improve the security isolation of your containers while still using familiar tooling. Additionally, gVisor supports a variety of underlying mechanisms for intercepting application calls, allowing it to run in diverse host environments, including cloud-hosted virtual machines.

Defense in Depth

Each sandbox has its own user-space kernel, providing additional protection from host kernel vulnerabilities.


Runs as a normal process and uses the host kernel for memory management and scheduling.

Zero Configuration

Capable of running most Linux applications unmodified, with zero configuration.

Read the Docs

Read the documentation to understand gVisor, its architecture and trade-offs, and how to use it.

Contribute to gVisor

Anyone is welcome to be a gVisor contributor. Please check out the community information to get started.

Give Feedback

File feature requests, bugs, and compatibility issues on GitHub.