I spin up a docker container using the docker API. I haven't used gvisor because I don't expect the model to try kernel level exploits. If it were the case, we're already doomed.