Directfs significantly improves performance for certain workloads. This is part of our ongoing efforts to improve gVisor performance.

Google Open Source is Google's initiative for promoting open-source software development and collaboration, offering tools, resources, and best practices for open-source projects. Developers can learn about Google's open-source projects, contribution guidelines, and community engagement to participate in and contribute to open-source projects effectively.

Google Open Source Blog

Google Open Source Blog gVisor is a sandboxing technology that provides a secure environment for running untrusted code. Directfs is a new filesystem access mode that uses these primitives to expose the container filesystem to the sandbox in a secure manner. The sandbox process is not given access to anything mounted on the broader host.

Optimizing gVisor filesystems with Directfs

Isolating the Container Filesystem in runsc