gVisor Networking Security

By Ian Gudger on 02 April 2020

In our first blog post, we covered some secure design principles and how they guided the architecture of gVisor as a whole. In this post, we will cover how these principles guided the networking architecture of gVisor, and the tradeoffs involved. In particular, we will cover how these principles culminated in two networking modes, how they work, and the properties of each.

Full Post »

gVisor Security Basics - Part 1

By Jeremiah Spradlin and Zach Koopmans on 18 November 2019

This blog is a space for engineers and community members to share perspectives and deep dives on technology and design within the gVisor project. Though our logo suggests we’re in the business of space exploration (or perhaps fighting sea monsters), we’re actually in the business of sandboxing Linux containers. When we created gVisor, we had three specific goals in mind; container-native security, resource efficiency, and platform portability. To put it simply, gVisor provides efficient defense-in-depth for containers anywhere.

Full Post »