-
#gVisor isn’t filtering syscalls, it’s separating the system worlds fundamentally with Sentry, the userland kernel that does syscall emulation. As the attacker gets closer to the host, they’ll see a smaller attack surface. I drew this diagram for the security blog with the authors. pic.twitter.com/AyIILezvIK
-
Someone just implemented slirp4netns with #gVisor's netstack. Pretty cool https://github.com/majek/slirpnetstack … -
"gVisor may be the biggest development since Kubernetes itself" @apbhatnagar #KubeCon #gVisor pic.twitter.com/NX99twgWpy
-
For a noob dev like me, it would be very hard to hack #gVisor. You see, it said clearly that there's "no stack overflow". Where should I copy & paste codes for my patches then? pic.twitter.com/S4lBhGO3fb
-
I threw together a demo of using gVisor's runsc command to illustrate how it can mitigate vulnerabilities like dirty cow #KubeCon #gvisor https://youtu.be/TJJT8wc0T_c -
Frankly, #gVisor team delivers really fast. https://twitter.com/wietsemuizelaar/status/1179078703487373312 … -
Here's a blog post introducing a new #Container technology from @IBMResearch. It's essentially a sandbox technology like #gVisor but with better containment properties https://blog.hansenpartnership.com/a-new-method-of-containment-ibm-nabla-containers/ … -
Also @containerd and #gVisor integration pic.twitter.com/QVpWEQhSQ3 – at: Shanghai EXPO Centre | 上海世博中心 -
#gVisor hidden features: our interns are currently working on hooking up our built-in Checkpoint/Restore feature to the runsc API. I hope it will be ready soon! See e.g. https://github.com/google/gvisor/commit/92f31e91e3e56197b2b7a7ba34c6043f24844fd7 … and https://github.com/google/gvisor/commit/0f8c0c435b60a9bb33274576d79ea74b72801f31 … -
@AngelBarrera92 works with @Mattermost to fix their demo container image to be runnable on top of @kubernetesio and #gVisor https://github.com/mattermost/mattermost-docker-preview/issues/45 … -
The container security space is only getting better with time. #gvisor is an OCI compatible runtime you can use with #docker and #kubernetes. More isolation than runc, less overhead than a full VM. https://cloudplatform.googleblog.com/2018/05/Open-sourcing-gVisor-a-sandboxed-container-runtime.html … -
Just mechanically generated 1941 cases to test #gVisor on Docker. Then used @rstudio to help analyse and pinpoint some of the easiest test cases to reproduce bugs. These dataframes were for `open` syscall returning 13 and 20 on some random files. Data analytics meet syscalls ;-) pic.twitter.com/JTywRaXdYH
-
If you like #gVisor and want to import some of its Go packages directly without using Bazel, @tonistiigi built an awesome mirror: https://github.com/tonistiigi/gvisor … Instructions in the repo description. -
Looks like @EnvoyProxy runs under #gvisor runsc. /cc @mattklein123 @htuch314 pic.twitter.com/iz0Dosko0N -
Sandboxing Untrusted Code https://disaev.me/p/sandboxing-untrusted-code/ … #docker #sandbox #firecracker #gvisor #microvm #security #golangci #aws -
Thanks to #gvisor, I'm able to use #docker with crostini on my chromebook. pic.twitter.com/n34aqWVxAU
-
Getting familiar with #gVisor takes time because it's actually a HUGE surface of Linux. Good news to me is that it's written in Golang, so easier to grok than C. Anyway, I'm still scratching only the surface. -
Thanks Jeff Meyerson interviewed @yoshiat on #gVisor! gVisor is important to help secure user codes/containers running in multi-tenant env., e.g. Cloud Run, App Engines, etc. plus useful in GKE sandbox. github at https://gvisor.dev/ https://lnkd.in/gdB-cZu