Google launches the gVisor container runtime
Google has announced the open-sourcing of gVisor, a sandboxed container runtime. "gVisor is more lightweight than a VM while maintaining a similar level of isolation. The core of gVisor is a kernel that runs as a normal, unprivileged process that supports most Linux system calls. This kernel is written in Go, which was chosen for its memory- and type-safety. Just like within a VM, an application running in a gVisor sandbox gets its own kernel and set of virtualized devices, distinct from the host and other sandboxes."