gvisor
App kernel
An application kernel that provides isolation between running applications and the host operating system
Application Kernel for Containers
16k stars
303 watching
1k forks
Language: Go
last commit: about 1 month ago
Linked from 4 awesome lists
containersdockerkernelkuberneteslinuxocisandbox
fabacab/awesome-cybersecurity-blueteam
rootsongjc/awesome-cloud-native
friz-zy/awesome-linux-containers
puresec/awesome-serverless-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
| google/cadvisor | Analyze resource usage and performance of running containers | 17,304 |
 lxc/lxc | A low-level Linux container runtime that provides an isolated environment for running system containers with minimal kernel overhead. | 4,711 |
 ghedo/pflask | A tool for creating isolated process environments on Linux | 197 |
 opencontainers/runtime-spec | Develops standards for launching and managing application containers across different platforms | 3,247 |
| opencontainers/runc | A CLI tool for spawning and running containers on Linux according to the OCI specification | 11,987 |
 orhun/kmon | A tool that monitors and manages kernel activities, providing insights into system performance and resource utilization. | 2,573 |
 googlecloudplatform/runtimes-common | Tools and scripts for building, testing, and distributing container images on Google Cloud Platform | 93 |
 containers/bubblewrap | Sandboxing tool to provide isolation and security for unprivileged users | 4,010 |
 googlecontainertools/kaniko | A tool for building container images in Kubernetes without relying on a Docker daemon | 14,997 |
| google/nsjail | A lightweight process isolation tool for Linux that provides isolated environments for network services and local processes. | 3,008 |
| googlecloudplatform/aactl | Utility to import and manage vulnerabilities and attestations from container images into Google Cloud's Artifact Analysis service. | 10 |
| containers/common | Provides shared common files and utilities for container runtimes and engines. | 195 |
 distribution/distribution | A toolkit for storing and distributing container content using the OCI Distribution Specification. | 9,074 |
| googlecontainertools/distroless | Container images optimized to include only essential application dependencies and runtime libraries. | 19,379 |
| containers/crun | An OCI container runtime with a low memory footprint and C implementation | 3,102 |