by iangudger
2875 days ago
I work on gVisor. The answer is that having a separate kernel is required to achieve a high degree of isolation and by definition Linux containers share a kernel with the host. A separate Linux kernel could work as well, but gVisor tries to achieve a different set of trade-offs.