A gVisor container runtime sandbox is an environment of processes in which containers run. Each sandbox has its own isolated instance of Sentry and Gofer.
Gofer is the component of the gVisor container runtime sandbox that provides file system access to the containers.
Sentry is the component of the gVisor container runtime sandbox that acts as a kernel: it runs containers, and it intercepts and responds to system calls.
App Platform uses the gVisor container runtime sandbox, but does not support some system calls.