According to the Google Cloud Run docs for the new 2nd gen runtime environment, running untrusted code using gVisor is supported (due to moving away from gVisor for 2nd gen as far as I understood). I'd like to use gVisor in a Google Cloud Run context to run untrusted binaries programmatically using gVisor (as a subprocess) – however, I can't really find any documentation on how to do so and was wondering whether I'd have to use Docker-in-Docker or gVisor standalone somehow.
Any hints on this are highly appreciated.