gvisor

Application Kernel for Containers (by google)

Gvisor Alternatives

Similar projects and alternatives to gvisor

  1. linux

    1,061 gvisor VS linux

    Linux kernel source tree

  2. InfluxDB

    InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

    InfluxDB logo
  3. kubernetes

    Production-Grade Container Scheduling and Management

  4. prometheus

    The Prometheus monitoring system and time series database.

  5. WSL

    432 gvisor VS WSL

    Windows Subsystem for Linux

  6. podman

    401 gvisor VS podman

    Podman: A tool for managing OCI containers and pods.

  7. containerd

    An open and reliable container runtime

  8. Clippy

    121 gvisor VS Clippy

    A bunch of lints to catch common mistakes and improve your Rust code. Book: https://doc.rust-lang.org/clippy/

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. TinyGo

    Go compiler for small places. Microcontrollers, WebAssembly (WASM/WASI), and command-line tools. Based on LLVM.

  11. gccrs

    104 gvisor VS gccrs

    GCC Front-End for Rust

  12. istio

    99 gvisor VS istio

    Connect, secure, control, and observe services.

  13. firecracker

    81 gvisor VS firecracker

    Secure and fast microVMs for serverless computing.

  14. WASI

    54 gvisor VS WASI

    WebAssembly System Interface

  15. bottlerocket

    An operating system designed for hosting containers

  16. garden

    41 gvisor VS garden

    Automation for Kubernetes development and testing. Spin up production-like environments for development, testing, and CI on demand. Use the same configuration and workflows at every step of the process. Speed up your builds and test runs via shared result caching

  17. runc

    37 gvisor VS runc

    CLI tool for spawning and running containers according to the OCI specification

  18. gatekeeper

    🐊 Gatekeeper - Policy Controller for Kubernetes

  19. kata-containers

    Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

  20. cloud-hypervisor

    A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on security.

  21. firecracker-containerd

    firecracker-containerd enables containerd to manage containers as Firecracker microVMs

  22. sysbox

    24 gvisor VS sysbox

    An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.

  23. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better gvisor alternative or higher similarity.

gvisor discussion

Log in or Post with

gvisor reviews and mentions

Posts with mentions or reviews of gvisor. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2025-04-23.
  • Kubernetes Without Docker: Why Container Runtimes Are Changing the Game in 2025
    7 projects | dev.to | 23 Apr 2025
    gVisor: Sandboxed Container Runtime by Google For when your security team actually audits things.
  • Reverse Engineering OpenAI Code Execution to make it run C and JavaScript
    1 project | news.ycombinator.com | 12 Mar 2025
    > why would they be running such an old Linux?

    They didn't.

    OP misunderstood what gVisor is, and thought gVisor's uname() return [1] was from the actual kernel. It's not. That's the whole point of gVisor. You don't get to talk to the real kernel.

    [1] https://github.com/google/gvisor/blob/c68fb3199281d6f8fe02c7...

  • WASM Will Replace Containers
    21 projects | news.ycombinator.com | 11 Feb 2025
    You can use something like https://github.com/google/gvisor as a container runtime for podman or docker. It's a good hybrid between VMs and containers. The container is put into sort of VM via kvm, but it does not supply a kernel and talks to a fake one. This means that security boundary is almost as strong as VM, but mostly everything will work like in a normal container.

    E.g. here's I can read host filesystem even though uname says weird things about the kernel container is running in:

      $ sudo podman run -it --runtime=/usr/bin/runsc_wrap -v /:/app debian:bookworm  /bin/bash
  • Lies we tell ourselves to keep using Golang
    16 projects | news.ycombinator.com | 26 Nov 2024
    To be pedantic for a moment...

    > You can't use Go to write a kernel ...

    Not a production kernel, but MIT did use Go to "study the performance trade-offs of using a high-level language with garbage collection to implement a kernel" [1]

    There is also gVisor [2] which implements, as best as I can describe, a kernel in user space. It's intent is to intercept syscalls made in containers and to redirect its execution in a sandbox.

    > ... program a microcontroller ...

    I'm not sure if one would classify this as a microcontroller, but USB Armory did write a, iirc, Go compliant runtime for bare metal ARM and RISC-V [3]

    [1] https://github.com/mit-pdos/biscuit

    [2] https://gvisor.dev/

    [3] https://github.com/usbarmory/tamago

  • Comparing 3 Docker container runtimes - Runc, gVisor and Kata Containers
    5 projects | dev.to | 29 Oct 2024
    Although the documentation also mentions "youki", that is mentioned as a "drop-in replacement" of the default runtime basically doing the same, so let's stick with runc. The second runtime will be Kata runtime from Kata containers, since it runs small virtual machines which is good for showing how differently it uses the CPU and memory. This also adds a higher level of isolation with some downsides as well. And the third runtime will be runsc from gVisor which is a perfect third runtime to see how we can run containers and still have a little more secure isolation. I will show how we can recognize the differences by running commands from the isolated environments and from the host.
  • GVisor: Linux-Compatible Sandbox
    3 projects | news.ycombinator.com | 15 Oct 2024
    I find the README of the repo much better to quickly understand what this software is and isn't.

    https://github.com/google/gvisor

  • Unfashionably secure: why we use isolated VMs
    6 projects | news.ycombinator.com | 25 Jul 2024
    If you think about it virtualization is just a narrowing of the application-kernel interface. In a standard setting the application has a wide kernel interface available to it with dozens (ex. seccomp) to 100's of syscalls. A vulnerablility in any one of which could result in complete system compromise.

    With virtualization the attack surface is narrowed to pretty much just the virtualization interface.

    The problem with current virtualization (or more specifically, the VMM's) is that it can be cumbersome, for example memory management is a serious annoyance. The kernel is built to hog memory for cache and etc. but you don't want the guest to be doing that - since you want to overcommit memory as guests will rarely use 100% of what is given to them (especially when the guest is just a jailed singular application), workarounds such as free page reporting and drop_caches hacks exist.

    I would expect eventually to see high performance custom kernels for a application jails - for example: gVisor[1] acts as a syscall interceptor (and can use KVM too!) and a custom kernel. Or a modified linux kernel with patched pain points for the guest.

    [1] <https://gvisor.dev/>

  • Syd the perhaps most sophisticated sandbox for Linux
    1 project | news.ycombinator.com | 17 Jul 2024
  • Hacking Alibaba Cloud's Kubernetes Cluster
    3 projects | dev.to | 1 Jul 2024
    Hillai: Following our research, Alibaba took several steps to address the vulnerabilities we discovered. They limited image pull secret permissions to read-only access, preventing unauthorized uploads. Additionally, they implemented a secure container technology similar to Google's gVisor project. This technology hardens containers and makes them more difficult to escape from, adding another layer of security.
  • We Improved the Performance of a Userspace TCP Stack in Go by 5X
    4 projects | news.ycombinator.com | 5 Jun 2024
    If you want to use netstack without Bazel, just use the go branch:

    https://github.com/google/gvisor/tree/go

    go get gvisor.dev/gvisor/pkg/tcpip@go

    The go branch is auto generated with all of the generated code checked in.

  • A note from our sponsor - SaaSHub
    www.saashub.com | 23 Jun 2025
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic gvisor repo stats
77
16,607
9.8
2 days ago

Sponsored
InfluxDB – Built for High-Performance Time Series Workloads
InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
www.influxdata.com

Did you know that Go is
the 4th most popular programming language
based on number of references?