Googleが軽量サンドボックスをOSSで公開

Google、Docker/k8s向け軽量サンドボックスgVisorをOSS公開。VM並みの隔離性をVMなしで実現。これ公開したの驚いた。 https://cloudplatform.googleblog.com/2018/05/Open-sourcing-gVisor-a-sandboxed-container-runtime.html …

Kazunori Sato on Twitter: "Google、Docker/k8s向け軽量サンドボックスgVisorをOSS公開。VM並みの隔離性をVMなしで実現。これ公開したの驚いた。 https://t.co/kXZGqYeaQP… "

A growing desire to run more heterogenous and less trusted workloads has created a new interest in sandboxed containers—containers that help provide a secure isolation boundary between the host OS and the application running inside the container. To that end, we’d like to introduce gVisor, a new kind of sandbox that helps provide secure isolation for containers, while being more lightweight than a virtual machine (VM). gVisor integrates with Docker and Kubernetes, making it simple and easy to run sandboxed containers in production environments.

Open-sourcing gVisor, a sandboxed container runtime | Google Cloud Blog