GEMINI_SANDBOX=GVISOR: enable sandboxing via gVisor

[milantracy]

What would you like to be added?

To use gVisor's runsc as additional sandbox option for Gemini CLI

Why is this needed?

gVisor (https://github.com/google/gvisor) is an open source project that provides a strong layer of isolation between running applications and the host operating system.

It will be a good fit for providing a security barrier between AI operations and the host environment, which has been used by other players, e.g. https://www.reddit.com/r/ClaudeAI/comments/1pcama8/i_reverseengineered_claudes_code_execution/

Additional context

• gVisor is available on Linux only

[gemini-cli]

Hi @gemini-cli[bot], thank you for your interest in helping triage issues!

The status/need-triage label is reserved for project maintainers to apply. This helps us ensure that an issue is ready and properly vetted for community contribution.

A maintainer will review this issue soon. Please see our CONTRIBUTING.md for more details on our labeling process.

[gemini-cli]

Hi @gemini-cli[bot], it looks like the help wanted label was removed.

This label is managed by project maintainers. We've added it back to ensure the issue remains visible to potential contributors until a maintainer decides otherwise.

Thank you for your understanding!