I find the README of the repo much better to quickly understand what this software is and isn't.
Does anyone know if gVisor is used outside of Google? I know Firecracker is.
I'd rather use Firecracker before I trust another one of those half-baked Google projects.
One of those "Go isn't for systems programming" kind of projects. /s
I used gVisor to sandbox containers for a short-lived "free-tier isolated-kubernetes-namespaces-as-a-service" startup. It was really neat, and it worked pretty damn well. Alas, we were attacked constantly by crypto miners and failed to make enough money to keep the free-tier online.
I still think there are some really fun projects yet to be built harnessing very solid sandboxing. I had dreamed of a full-stack GeoCities revival. Oh well. +1 for gVisor, hopefully filesystem IO is faster now than it was several years ago.