@mcc @inthehands Nice, that actually sounds pretty useful.

This without all the obnoxious contortions (like those #gvisor does) needed for similar results on Linux?

#gVisor : systrap actually outperforms kvm in a syscall microbenchmark? This is on baremetal...

systrap: ~8s
ptrace: ~121s (lmfao)
kvm: ~15s

(benchmark is just "perf bench syscall basic", which runs 10000000 getppid() calls, on Alpine Linux)

gVisor is a container security platform

https://gvisor.dev/

#gVisor #security #infra #CloudNative

Hoy a las 17:00 doy la charla:
Reforzando la seguridad de Kubernetes con #gvisor y #falco en la Kubernetes Community Days Spain.

¿te apuntas? 👉🏼 https://buff.ly/3sFRqdx

#CloudNative #sandboxing