from Hacker News

GVisor: Linux-Compatible Sandbox

by jesprenj on 10/15/24, 10:53 PM with 10 comments

  • by erulabs on 10/16/24, 5:50 PM

    I used gVisor to sandbox containers for a short-lived "free-tier isolated-kubernetes-namespaces-as-a-service" startup. It was really neat, and it worked pretty damn well. Alas, we were attacked constantly by crypto miners and failed to make enough money to keep the free-tier online.

    I still think there are some really fun projects yet-to-be-built harnessing very solid sandboxing. I had dreamed of a full-stack geocities revival. Oh well. +1 for gVisor, hopefully filesystem IO is faster now than it was several years ago.

  • by mkayokay on 10/16/24, 6:22 AM

    I find the README of the repo much better to quickly understand what this software is and isn't.

    https://github.com/google/gvisor

  • by delduca on 10/16/24, 4:23 PM

    Does anyone know if gVisor is used outside of Google? I know Firecracker is.

  • by tsss on 10/16/24, 3:13 PM

    I'd rather use Firecracker before I trust another one of those half-baked Google projects.

  • by pjmlp on 10/16/24, 7:56 AM

    One of those Go isn't for systems programming kind of projects. /s