I believe it uses the latter, but the missing piece is a userspace TCP/IP stack, since otherwise you'd need TUN device permissions to bridge over the impedance mismatch of sockets and IP packets containing TCP/UDP segments/datagrams.
Ugh, now this is driving me crazy. So I'm 99% sure that that exists, but I cannot for the life of me find the link. There's a CDN / edge compute company that gets published on HN semi-regularly that has this sweet client that... does a lot of things, but among them is connecting to your serverless containers by actually instantiating an entire TCP/IP stack in the application that's hooked up to the remote end over a WireGuard proxy that's also in-application...
It uses gVisor for that.