App Kernel Sandboxer

The app kernel sandbox launches a KVM virtual machine and a guest kernel, without any application-level hypervisor or Linux kernel. This allows for customized optimizations that speed up the startup procedure, reduce memory overhead, and improve I/O and network performance. Examples of such app kernel sandboxes include gVisor and Quark.

Quark is an application kernel sandbox that uses its own hypervisor, named QVisor, and a customized kernel called QKernel. With customized modifications to these components, Quark can achieve significant performance improvements.

The quark-sandboxer of the app kernel sandboxer starts QVisor and an app kernel named QKernel. Whenever containerd needs to start a container in the sandbox, the quark-task in QVisor calls QKernel to launch a new container. All containers within the same pod run within the same process.

Please note that only Quark is currently supported.