gVisor is an application kernel, written in Go, that implements a substantial portion of the Linux system call interface. It provides an additional layer of isolation between running applications and the host operating system.
Found on https://marc.info/?l=9fans&m=165401374021100&w=2