We've run gVisor for over 2 years at Modal, and it's been a huge unlock for us. We get a secure sandbox with GPU support that can run on VMs. Just recently it allowed us to checkpoint/restore containers AND its GPUs[1].

gVisor's Achilles heel is its missing or inaccurate syscalls, but the gVisor team is first class in responding to GitHub issues, so it's really quite manageable in practice if you know how to debug and hack on a userspace kernel.

1. https://news.ycombinator.com/item?id=44747116

How are you handling the GPU isolation? (This was a big challenge for us doing AMD-Vi KVM isolation).

In the past I'd heard people recommend against gVisor, and recommend looking at firecracker instead, because of I/O overhead. Is that something you've noticed at Modal? Obviously you're happy with gVisor, not suggesting you switch, just curious about your experience.

> userspace kernel

Is gVisor a Kernel or a syscall + select subsystems (like network/gpu) proxy? In my head, a monolith Kernel (like Linux) does more than just syscalls (like memory management, device management, filesystems etc).