{"id":50418189,"url":"https://github.com/asterinas/gvisor","last_synced_at":"2026-05-31T07:02:28.306Z","repository":{"id":178276767,"uuid":"659546007","full_name":"asterinas/gvisor","owner":"asterinas","description":null,"archived":false,"fork":false,"pushed_at":"2024-01-03T05:43:39.000Z","size":58723,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"20200921.0","last_synced_at":"2024-04-18T02:12:48.747Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/asterinas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":"AUTHORS"}},"created_at":"2023-06-28T04:21:42.000Z","updated_at":"2024-04-18T02:12:48.748Z","dependencies_parsed_at":"2023-12-26T03:45:10.017Z","dependency_job_id":null,"html_url":"https://github.com/asterinas/gvisor","commit_stats":null,"previous_names":["jinzhao-dev/gvisor","asterinas/gvisor"],"tags_count":140,"template":false,"template_full_name":null,"purl":"pkg:github/asterinas/gvisor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asterinas%2Fgvisor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asterinas%2Fgvisor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asterinas%2Fgvisor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asterinas%2Fgvisor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/asterinas","download_url":"https://codeload.github.com/asterinas/gvisor/tar.gz/refs/heads/20200921.0","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asterinas%2Fgvisor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33722156,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-31T07:02:27.621Z","updated_at":"2026-05-31T07:02:28.288Z","avatar_url":"https://github.com/asterinas.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![gVisor](g3doc/logo.png)\n\n![](https://github.com/google/gvisor/workflows/Build/badge.svg)\n[![gVisor chat](https://badges.gitter.im/gvisor/community.png)](https://gitter.im/gvisor/community)\n[![code search](https://img.shields.io/badge/code-search-blue)](https://cs.opensource.google/gvisor/gvisor)\n\n## What is gVisor?\n\n**gVisor** is an application kernel, written in Go, that implements a\nsubstantial portion of the Linux system surface. It includes an\n[Open Container Initiative (OCI)][oci] runtime called `runsc` that provides an\nisolation boundary between the application and the host kernel. The `runsc`\nruntime integrates with Docker and Kubernetes, making it simple to run sandboxed\ncontainers.\n\n## Why does gVisor exist?\n\nContainers are not a [**sandbox**][sandbox]. While containers have\nrevolutionized how we develop, package, and deploy applications, using them to\nrun untrusted or potentially malicious code without additional isolation is not\na good idea. While using a single, shared kernel allows for efficiency and\nperformance gains, it also means that container escape is possible with a single\nvulnerability.\n\ngVisor is an application kernel for containers. It limits the host kernel\nsurface accessible to the application while still giving the application access\nto all the features it expects. Unlike most kernels, gVisor does not assume or\nrequire a fixed set of physical resources; instead, it leverages existing host\nkernel functionality and runs as a normal process. In other words, gVisor\nimplements Linux by way of Linux.\n\ngVisor should not be confused with technologies and tools to harden containers\nagainst external threats, provide additional integrity checks, or limit the\nscope of access for a service. One should always be careful about what data is\nmade available to a container.\n\n## Documentation\n\nUser documentation and technical architecture, including quick start guides, can\nbe found at [gvisor.dev][gvisor-dev].\n\n## Installing from source\n\ngVisor builds on x86_64 and ARM64. Other architectures may become available in\nthe future.\n\nFor the purposes of these instructions, [bazel][bazel] and other build\ndependencies are wrapped in a build container. It is possible to use\n[bazel][bazel] directly, or type `make help` for standard targets.\n\n### Requirements\n\nMake sure the following dependencies are installed:\n\n*   Linux 4.14.77+ ([older linux][old-linux])\n*   [Docker version 17.09.0 or greater][docker]\n\n### Building\n\nBuild and install the `runsc` binary:\n\n```sh\nmake runsc\nsudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin\n```\n\n### Testing\n\nTo run standard test suites, you can use:\n\n```sh\nmake unit-tests\nmake tests\n```\n\nTo run specific tests, you can specify the target:\n\n```sh\nmake test TARGETS=\"//runsc:version_test\"\n```\n\n### Using `go get`\n\nThis project uses [bazel][bazel] to build and manage dependencies. A synthetic\n`go` branch is maintained that is compatible with standard `go` tooling for\nconvenience.\n\nFor example, to build and install `runsc` directly from this branch:\n\n```sh\necho \"module runsc\" \u003e go.mod\nGO111MODULE=on go get gvisor.dev/gvisor/runsc@go\nCGO_ENABLED=0 GO111MODULE=on sudo -E go build -o /usr/local/bin/runsc gvisor.dev/gvisor/runsc\n```\n\nSubsequently, you can build and install the shim binaries for `containerd`:\n\n```sh\nGO111MODULE=on sudo -E go build -o /usr/local/bin/gvisor-containerd-shim gvisor.dev/gvisor/shim/v1\nGO111MODULE=on sudo -E go build -o /usr/local/bin/containerd-shim-runsc-v1 gvisor.dev/gvisor/shim/v2\n```\n\nNote that this branch is supported in a best effort capacity, and direct\ndevelopment on this branch is not supported. Development should occur on the\n`master` branch, which is then reflected into the `go` branch.\n\n## Community \u0026 Governance\n\nSee [GOVERNANCE.md](GOVERNANCE.md) for project governance information.\n\nThe [gvisor-users mailing list][gvisor-users-list] and\n[gvisor-dev mailing list][gvisor-dev-list] are good starting points for\nquestions and discussion.\n\n## Security Policy\n\nSee [SECURITY.md](SECURITY.md).\n\n## Contributing\n\nSee [Contributing.md](CONTRIBUTING.md).\n\n[bazel]: https://bazel.build\n[docker]: https://www.docker.com\n[gvisor-users-list]: https://groups.google.com/forum/#!forum/gvisor-users\n[gvisor-dev]: https://gvisor.dev\n[gvisor-dev-list]: https://groups.google.com/forum/#!forum/gvisor-dev\n[oci]: https://www.opencontainers.org\n[old-linux]: https://gvisor.dev/docs/user_guide/networking/#gso\n[sandbox]: https://en.wikipedia.org/wiki/Sandbox_(computer_security)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasterinas%2Fgvisor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasterinas%2Fgvisor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasterinas%2Fgvisor/lists"}