docs(srv): update

SamyOubouaziz · SamyOubouaziz · commit c17b36aa81c8 · 2025-05-07T11:36:51.000+02:00
diff --git a/pages/serverless-containers/reference-content/containers-sandbox.mdx b/pages/serverless-containers/reference-content/containers-sandbox.mdx
@@ -1,3 +1,35 @@
-                    "label": "Containers sandbox",
-                    "slug": "containers-sandbox"
-                  },
+---
+meta:
+  title: Containers sandbox
+  description: Learn more about the sandboxing environments of Scaleway Serverless Containers.
+content:
+  h1: Containers sandbox
+  paragraph: Learn more about the sandboxing environments of Scaleway Serverless Containers.
+tags: containers sandbox sandboxing gvisor isolation mechanism serverless v1 v2 clock drift skew
+dates:
+  validation: 2025-05-07
+  posted: 2025-05-07
+categories:
+  - serverless
+  - containers
+---
+
+In the context of Scaleway Serverless Containers, a [Sandbox environment](/serverless-containers/concepts/#sandbox) is a critical security mechanism that isolates each container from others, ensuring that they operate in a secure and controlled space. Containers run in dedicated execution environments that prevent unauthorized access and potential interference between different resources.
+
+Scaleway Serverless Containers offers two sandbox environment options:
+
+- Sandbox v1 (legacy)
+- Sandbox v2 (recommended)
+
+## Sandbox v1
+
+Sandbox v1 is Serverless Containers' legacy sandboxing environment with slower [cold starts](/serverless-containers/concepts/#cold-start), but fully supports Linux system call interface. This option is recommended when processing large amounts of *syscalls*.
+
+<Message type="important">
+Sandbox v1 are known to experience clock drift over time. A difference of approximately **two seconds** can be observed after 24 hours of uninterrupted execution. This issue especially affects long-running containers, whereas short-lived containers are much less impacted.
+</Message>
+
+## Sandbox v2
+
+Sandbox v2 is a modern isolation environment that relies on [gVisor](https://gvisor.dev/). This option offers faster [cold starts](/serverless-containers/concepts/#cold-start), but only implements a selection of Linux syscalls.
+Refer to the [official gVisor documentation](https://gvisor.dev/docs/user_guide/compatibility/linux/amd64/) for a comprehensive list of supported syscalls.
