gVisor provides defense-in-depth for container workloads by implementing an application kernel in user space that intercepts and handles system calls from containerized applications. Rather than allowing containers to make system calls directly to the host Linux kernel, gVisor's Sentry component implements the Linux system call interface independently, providing a security boundary that contains the impact of kernel vulnerabilities and container escape exploits.
The OCI-compatible runtime integrates with Docker and Kubernetes through the runsc runtime, replacing the standard runc container runtime with gVisor's sandboxed execution environment. Applications run unmodified inside gVisor containers, though some system calls that are uncommon in typical web applications may not be implemented. The compatibility coverage is sufficient for most web services, databases, and application servers.
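Wiring runsc into Docker and Kubernetes as described above, plus the check that a workload really landed inside the Sentry, as an added example (not code from the gVisor project). It assumes runsc is installed at /usr/local/bin/runsc, that the Kubernetes nodes' container runtime already knows a handler named runsc, and that the RuntimeClass is called gvisor.

```shell
#!/bin/sh
# Added example: register gVisor's runsc runtime and verify a sandboxed run.
# Assumptions: runsc lives at /usr/local/bin/runsc; the nodes' containerd
# already maps the handler "runsc" to that binary (node setup not shown).

# Docker side: /etc/docker/daemon.json maps a runtime name to the runsc
# binary, after which "docker run --runtime=runsc ..." selects the sandbox.
docker_daemon_json() {
  cat <<'EOF'
{
  "runtimes": {
    "runsc": { "path": "/usr/local/bin/runsc" }
  }
}
EOF
}

# Kubernetes side: a RuntimeClass exposes the same handler, so a pod opts in
# with "runtimeClassName: gvisor" and is otherwise unchanged.
runtimeclass_yaml() {
  cat <<'EOF'
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc
EOF
}

# Inside a runsc container, dmesg shows the Sentry's own synthetic boot
# messages instead of the host kernel ring buffer. Returns 0 when the given
# dmesg text looks like it came from gVisor, non-zero otherwise.
is_gvisor_dmesg() {
  printf '%s\n' "$1" | grep -qi 'gVisor'
}

# Constructed sample of what the check expects (not captured from a real host).
SAMPLE_GVISOR_DMESG='[    0.000000] Starting gVisor...'

# Launch a throwaway container under runsc and run the check. Only invoked by
# hand on a host that has Docker and runsc; never executed at load time.
verify_docker_runsc() {
  out=$(docker run --rm --runtime=runsc alpine dmesg 2>&1) || return 1
  is_gvisor_dmesg "$out"
}
```

If `verify_docker_runsc` fails, the container was scheduled on the host kernel (runc) rather than on the Sentry, which is exactly the misconfiguration the check exists to catch.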
Google uses gVisor extensively in production, including as the isolation layer for Cloud Run serverless containers, GKE Sandbox for multi-tenant Kubernetes workloads, and internal services that require strong isolation guarantees. Released under the Apache 2.0 license, with over 18,000 GitHub stars, gVisor makes the same container isolation technology Google relies on for its own infrastructure available to any organization running container workloads.