I am curious to know which is the provably better approach for protecting the host kernel, and which would be better to adopt in Android's context, as mentioned here (https://grapheneos.org/faq#roadmap):

1) gVisor's approach: it intercepts syscalls, does some checks, and implements things like its own netstack in Go and the Sentry for the filesystem. Surely it protects from some kernel bugs, but it is not complete.

2) Firecracker/crosvm's approach: virtualize hardware using the host kernel API, which is far more complex than making a system call (like in the 1st approach). It has a larger attack surface than gVisor.
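As an added example (not part of the question above, and not gVisor's or Firecracker's own code): the host-kernel protection that syscall interception buys depends on how tightly the interceptor itself is confined, and gVisor's Sentry confines itself with a seccomp-bpf filter so that only the host syscalls it actually needs can reach the host kernel. The C program below installs such a filter and then probes whether the host still answers a denied call. It assumes Linux on x86-64 or aarch64; the function names `install_sentry_denylist`, `probe_ptrace` and `probe_getppid`, the two denied syscalls and the ENOSYS result are this example's own choices. It is a denylist only so that it can be installed inside an arbitrary process for demonstration; gVisor's real filter is an allowlist with a default-deny action, which is the form to use in practice.

```c
/* Added example (not gVisor/Firecracker code): confine a process with a
 * seccomp-bpf filter so that chosen host syscalls can no longer reach the
 * host kernel. Same mechanism gVisor's Sentry applies to itself; the real
 * Sentry filter is an allowlist (default deny), this one is a denylist
 * purely so it can run inside any demo process. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Same prototype as glibc/musl; repeated so the file builds even when
 * _GNU_SOURCE was not in effect while <unistd.h> was read. */
long syscall(long number, ...);

#if defined(__x86_64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#ifndef __X32_SYSCALL_BIT
#define __X32_SYSCALL_BIT 0x40000000
#endif
#elif defined(__aarch64__)
#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Hypothetical choice of syscalls a "sentry" must never issue on the host.
 * A denied call fails with ENOSYS instead of killing the process; ENOSYS is
 * used so the result is distinguishable from the EPERM/ESRCH the host would
 * normally return for these probes. */
static const int denied_syscalls[] = { __NR_ptrace, __NR_mount };
#define NDENIED (sizeof denied_syscalls / sizeof denied_syscalls[0])

/* Build and install the filter on the calling thread. Returns 0 on success. */
int install_sentry_denylist(void) {
    struct sock_filter prog[8 + 2 * NDENIED];
    size_t n = 0;

    /* Kill any call made through a foreign ABI: a filter that only compares
     * syscall numbers can be bypassed via the compat ABI, whose numbering
     * differs. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);

    /* Load the syscall number into the accumulator for the checks below. */
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
#if defined(__x86_64__)
    /* x32 calls report AUDIT_ARCH_X86_64 but carry bit 30 in nr, so a plain
     * number match would let them through. Kill them outright. */
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, __X32_SYSCALL_BIT, 0, 1);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
#endif
    /* nr == denied[i] -> return -ENOSYS to the caller, otherwise keep going. */
    for (size_t i = 0; i < NDENIED; i++) {
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (unsigned)denied_syscalls[i], 0, 1);
        prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                                 SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA));
    }
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog fprog = { .len = (unsigned short)n, .filter = prog };
    /* Without CAP_SYS_ADMIN the kernel only accepts a filter once no_new_privs
     * is set, so an unprivileged process cannot hand a crippled filter to a
     * setuid binary it execs. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    /* PR_SET_SECCOMP applies to the calling thread only; a multi-threaded
     * sentry would use seccomp(2) with SECCOMP_FILTER_FLAG_TSYNC instead. */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Return the errno a raw syscall produced, or 0 if the kernel accepted it. */
static int probe(long nr, long a1, long a2, long a3, long a4) {
    errno = 0;
    return syscall(nr, a1, a2, a3, a4) == -1 ? errno : 0;
}

/* PTRACE_PEEKUSER on pid 0 is harmless: unfiltered it fails with ESRCH
 * (no such tracee); under the denylist the filter answers ENOSYS. */
int probe_ptrace(void) { return probe(__NR_ptrace, PTRACE_PEEKUSER, 0, 0, 0); }

/* Control probe: getppid is not denied and always succeeds. */
int probe_getppid(void) { return probe(__NR_getppid, 0, 0, 0, 0); }

int main(void) {
    printf("before filter: ptrace errno=%d\n", probe_ptrace());
    if (install_sentry_denylist() != 0) {
        perror("seccomp");
        return 1;
    }
    printf("after filter:  ptrace errno=%d (ENOSYS=%d), getppid errno=%d\n",
           probe_ptrace(), ENOSYS, probe_getppid());
    return 0;
}
```

The two extra checks (architecture and the x32 bit) are the ones most often missing from hand-written filters, and they are also the reason a default-deny allowlist is the safer form: a denylist has to anticipate every alternative path to the same kernel code, whereas an allowlist only has to enumerate what the sandbox legitimately needs.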