Gvisor and host network

[Konstantinos Mitsionis]

Hello,

I'm currently working with gVisor and I'm wondering if I lose all the security advantages provided by gVisor if I configure the runsc runtime with network=host. Specifically, I'm concerned about the impact this might have on network isolation and overall container security.

Could anyone clarify how this configuration affects the security posture of gVisor, and whether it's safe to use it in a production environment?

Thanks in advance!

[Etienne Perot]

This appears to be a duplicate of this thread, let's keep discussion there. I am linking it so that users browsing/finding the mailing list archives can be redirected accordingly.

--
You received this message because you are subscribed to the Google Groups "gVisor Users [Public]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gvisor-users...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/gvisor-users/e4beeda2-1e3a-4d40-82ee-966592f9a106n%40googlegroups.com.