[eyberg]

If you want to join us in the peanut gallery, AWS originally "adapted" Google's crosvm for firecracker.

gVisor, if not using hw-backed virtualization, has absolutely horrendous performance because of, amongst other things, ptrace, which is one reason why this blogpost exists.

[znkr]

Note that ptrace is only one platform and it’s no longer even the default. It’s been replaced by systrap. When running on bare metal, the KVM platform provides the best performance: https://gvisor.dev/docs/architecture_guide/platforms/

[intelVISA]

Outside of the peanut gallery we just roll our own VMM, VMX and friends is well established at this point why settle for a hacky impl.?

[amscanne]

This sort of feels like seeing someone riding a bike and saying: why don’t they just get a car? The simple fact is that containers and VMs are quite different.

I’m responding to what I believe is the intent of the comment, but I will also point out that on a literal level it doesn’t make sense. Whether something uses VMX and friends or not is a red herring, as gVisor also “rolls it own” VMM [1] and certainly makes use of VMX and friends.

[1] https://github.com/google/gvisor/tree/master/pkg/sentry/plat...

[intelVISA]

Apologies my reply was toward Firecracker, I appreciate gVisor is a sandbox solution/KVM shim rather than a true VMM.

[amscanne]

Ah, now it makes more sense to me. Thank you for the clarification.