gVisor is an open-source Linux container runtime developed at Google that’s now the built-in optional security layer of Kubernetes. It solves the problem of giving unmodified Linux applications fast and safe access to local and remote resources. While gVisor is primarily associated with security it has other benefits like checkpoint-restore and separation of concerns. Erin Dahlgren talks about the trials and tribulations of developing the virtual file system collaboratively with YouTube. In particular she’ll describe the file proxying model she developed so unmodified applications like ffmpeg that expect local file access can access arbitrary data.