gvisor
App kernel
An application kernel that provides isolation between running applications and the host operating system
Application Kernel for Containers
16k stars
303 watching
1k forks
Language: Go
last commit: 5 days ago
Linked from 4 awesome lists
containersdockerkernelkuberneteslinuxocisandbox
fabacab/awesome-cybersecurity-blueteam
rootsongjc/awesome-cloud-native
friz-zy/awesome-linux-containers
puresec/awesome-serverless-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
| google/cadvisor | Analyze resource usage and performance of running containers | 17,182 |
 lxc/lxc | A low-level Linux container runtime that provides an isolated environment for running system containers with minimal kernel overhead. | 4,678 |
 ghedo/pflask | A tool for creating isolated process environments on Linux | 200 |
 opencontainers/runtime-spec | Develops standards for launching and managing application containers across different platforms | 3,227 |
| opencontainers/runc | A CLI tool for spawning and running containers according to the OCI specification. | 11,903 |
 orhun/kmon | A tool that monitors and manages kernel activities, providing insights into system performance and resource utilization. | 2,548 |
 googlecloudplatform/runtimes-common | Tools and scripts for building, testing, and distributing container images on Google Cloud Platform | 94 |
 containers/bubblewrap | Sandboxing tool to provide isolation and security for unprivileged users | 3,966 |
 googlecontainertools/kaniko | A tool for building container images in Kubernetes without relying on a Docker daemon | 14,882 |
| google/nsjail | A lightweight process isolation tool for Linux that provides isolated environments for network services and local processes. | 2,980 |
| googlecloudplatform/aactl | Utility to import and manage vulnerabilities and attestations from container images into Google Cloud's Artifact Analysis service. | 9 |
| containers/common | Provides shared common files and utilities for container runtimes and engines. | 191 |
 distribution/distribution | A toolkit for storing and distributing container content using the OCI Distribution Specification. | 9,002 |
| googlecontainertools/distroless | Container images optimized to include only essential application dependencies and runtime libraries. | 19,068 |
| containers/crun | An OCI container runtime with a low memory footprint and C implementation | 3,059 |