Why Secure Containers Matter: From OCI to Kata and gVisor

Background and Naming

Phil Karlton famously said that the only two real problems in computer science are cache invalidation and naming; for the container community, naming is equally challenging. The term "Linux container" has been called Jail, Zone, Virtual Server, Sandbox, and more, reflecting its role in encapsulating and isolating workloads.

Definition of an Application Container

In cloud‑native contexts, a container is essentially an "application container"—a standard‑format package that runs on a standard OS environment (usually a Linux ABI). This definition follows the OCI (Open Container Initiative) spec, which dictates the root filesystem, entry point, user, CPU, memory, storage, and namespace requirements for the container.

What Is a Secure Container?

A secure container is a runtime technology that provides a complete OS execution environment for a containerized application while isolating the application from the host OS, preventing direct access to host resources and offering additional protection between hosts or between containers.

Indirect Layer: The Essence of Secure Containers

The security benefit comes from adding an extra isolation layer, as Linus Torvalds noted in 2015: the only true solution to security problems is to allow bugs to happen but block them with additional isolation. This layer reduces the attack surface of the host kernel.

Kata Containers: Cloud‑Native Virtualization

Kata Containers, announced at KubeCon 2017, combines two earlier projects (runV and Intel Clear Container) to provide a VM‑based isolation layer for Kubernetes Pods. Its design goals are:

Address the inability of container mechanisms alone to solve security by adding an isolation layer.

Leverage existing VM technology (e.g., QEMU, Firecracker, ACRN, cloud‑hypervisor) to achieve "secure as VM".

Maintain container‑level speed to achieve "fast as container".

Integration with Kubernetes (using containerd or CRI‑O) follows these steps:

containerd receives a pod request and creates a shim‑v2, representing the PodSandbox and its VMM.

The shim‑v2 launches a lightweight VM with a guest kernel (no full guest OS).

The container spec and rootfs are handed to the PodSandbox, where kata‑agent starts the container inside the VM.

Multiple containers in the same pod share the same VM and can share namespaces as needed.

External storage and volumes can be hot‑plugged into the PodSandbox.

Network is handled via tcfilter and an optional enlightened CNI plugin for enhanced performance.

Compared with traditional VMs, Kata Containers have lower overhead and faster startup, while still providing VM‑level isolation and additional benefits such as dynamic resource hot‑plugging and shared read‑only memory via DAX.

gVisor: Process‑Level Virtualization

gVisor, open‑sourced by Google in 2018, implements a user‑space kernel called sentry written in Go. It intercepts system calls from containerized applications, handling most of them itself and forwarding only a reduced set (about 60 out of 300+) to the host kernel, dramatically shrinking the attack surface.

Key design points:

Reduce the syscall surface to roughly 20% of the original set, focusing on well‑maintained, frequently used calls.

Isolate high‑risk syscalls such as open() into a separate process called Gofer, which can run with reduced privileges.

Implemented entirely in Go, benefiting from Go's memory safety while requiring custom runtime adjustments.

Advantages include a clean, minimal isolation layer and easier auditing; however, gVisor incurs higher overhead than Kata Containers for many workloads and lacks full Linux kernel compatibility.

Benefits Beyond Security

Secure containers also improve scheduling efficiency by reducing the host kernel’s view of individual container processes, lowering overhead for large clusters. Isolation prevents interference between pods and between pods and the host, enhancing service quality and protecting user data. Future secure container designs may further boost performance and enable more sophisticated cloud‑native infrastructure.

Summary

Secure containers provide a complete OS execution environment for applications while isolating them from the host, offering additional protection.

Kata Containers use lightweight VMs to deliver VM‑level security with container‑level speed, fully compatible with Kubernetes.

gVisor implements a user‑space kernel in Go, reducing the syscall surface and isolating high‑risk calls, but with higher overhead compared to Kata.

The isolation layer brings benefits beyond security, including better scheduling, reduced host load, and improved service quality.