Is gVisor stable enough to be used in a product?

127 views
Skip to first unread message

Shane Xu

unread,
Apr 12, 2023, 10:45:42 PM4/12/23
to gVisor Users [Public]
  1. Where can I see the design and planning of the project?
  2. How do I get the details of the current progress?
  3. Problems and difficulties

Etienne Perot

unread,
Apr 15, 2023, 3:30:41 AM4/15/23
to Shane Xu, gVisor Users [Public]
Hi Shane,

These are broad questions, but here's my attempt to answer them.

> Is gVisor stable enough to be used in a product?

gVisor is used in production at Google in various contexts. It is used in user-facing Cloud products such as Cloud Run, App Engine, Cloud Functions, and GKE Sandbox.
It is also used internally to sandbox untrusted workloads.
Outside of Google, other companies such as Ant FinancialDigital Ocean, and Cloudflare use it.

> Where can I see the design and planning of the project?

gVisor is open-source and has design documentation on its website. Planning is from a mix of internal and external contributions, such as feedback from this mailing list or other means to engage.

> How do I get the details of the current progress?

gVisor is never truly "complete", because it aims for Linux parity, which is a moving target. There are also a large number of peripheral features that are in various stages of implementation. Is there a more specific area or goal you're interested in?

> Problems and difficulties

I believe the largest problem of gVisor is lack of mindshare and adoption relative to the value it provides. The level of security provided by regular (e.g. Docker) containers isn't perfect, and I believe the world would be a better place if this problem was more widely recognized.
On a more technical level, another common problem gVisor users have is the performance overhead it adds to workloads. No security solution will be without some overhead, and we've been making great strides to improve this in recent months. Watch this space for updates.

--
You received this message because you are subscribed to the Google Groups "gVisor Users [Public]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gvisor-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gvisor-users/e59d013d-c460-41eb-9d7e-5615a8e24807n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages