# smolvm: A Tiny MicroVM Runtime for Sandboxing That Actually Feels Lightweight

If you've ever needed to run untrusted code or isolate a workload without spinning up a full VM, you know the pain. Docker containers share a kernel, and full VMs like QEMU or Firecracker are powerful but heavy. What if there was something in between? Something that gives you hardware isolation but without the overhead of a full Linux VM?

Meet **smolvm** — a minimal, embeddable MicroVM runtime that focuses on secure isolation with a very small footprint. It's not trying to replace Kubernetes or Docker. It's a tool for when you need real isolation but don't want to manage a hypervisor or a heavy init system.

## What It Does

smolvm is a lightweight MicroVM runtime built on top of Linux's KVM (Kernel-based Virtual Machine). It bootstraps a tiny custom kernel (smol kernel) and runs your code in a minimal virtual machine that's isolated at the hardware level — no shared kernel, no fighting with seccomp or AppArmor. Think of it as a "Firecracker for mortals" that's been stripped down to the bare essentials.

Key technical highlights from the repo:

- **Minimal kernel** (~1MB) that boots in milliseconds
- **No init system** — your code runs directly as the first process
- **VirtIO devices** for networking and block storage
- **REST API** for managing VMs (create, delete, get info)
- **Memory limits** as low as 64MB
- **Designed for embedding** — can be used as a library or standalone daemon

## Why It’s Cool

The real magic is in the design choices:

1. **No bloat.** Most VMs boot through BIOS, GRUB, and init. smolvm skips all that. Your code starts almost instantly.
2. **Real isolation.** Unlike containers, each MicroVM has its own kernel and cannot see the host kernel. This is great for running untrusted user code, CI tasks, or serverless functions.
3. **Tiny resource footprint.** You can run hundreds of these on a single machine without breaking a sweat. Each VM uses as little as a few dozen MBs of RAM.
4. **Simple API.** No YAML spaghetti. You interact with it via HTTP or directly as a Go library. It's designed to be predictable and debuggable.

Potential use cases:

- Running arbitrary user-compiled code in a sandbox
- Isolating build steps in CI pipelines
- Multi-tenant serverless backends
- Testing kernel or system-level code without rebooting your laptop

## How to Try It

First, make sure your system supports KVM (Linux only, but WSL2 with nested virtualization might work). Then clone the repo and build:

```bash
git clone https://github.com/smol-machines/smolvm
cd smolvm
make
```

You'll need Go installed (they use 1.21+). Once built, you can start the smolvm daemon:

```bash
sudo ./smolvm-d
```

This launches a REST API on port 8080. To create and run a tiny VM:

```bash
curl -X POST -H "Content-Type: application/json" \
  -d '{"kernel":"path/to/vmlinux","cmdline":"","memory_mb":64}' \
  http://localhost:8080/vm
```

You'll get back a VM ID. You can check its status or kill it. For more detailed examples, check the `examples/` folder in the repo.
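
If a service forwards tenant-supplied parameters to this API, the request body is worth validating first, since the daemon is started with `sudo` and the request names a kernel path. The Go code below is an added example, not code from the smolvm repo: the JSON fields and the 64 MB floor come from the article, while `ValidateCreate`, the kernel directory and the 512 MB ceiling are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// CreateVM mirrors the JSON body of the curl example in this article.
type CreateVM struct {
	Kernel   string `json:"kernel"`
	Cmdline  string `json:"cmdline"`
	MemoryMB int    `json:"memory_mb"`
}

// Assumed local policy, not smolvm defaults.
const (
	kernelDir = "/var/lib/smolvm/kernels" // hypothetical image directory
	minMemMB  = 64                        // lowest limit the article mentions
	maxMemMB  = 512                       // assumed per-tenant ceiling
)

// ValidateCreate parses an untrusted body and returns it normalized, or an error.
func ValidateCreate(body []byte) (*CreateVM, error) {
	var req CreateVM
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields() // reject fields this policy has not reviewed
	if err := dec.Decode(&req); err != nil {
		return nil, fmt.Errorf("bad request body: %w", err)
	}
	// Clean resolves ".." lexically only; symlinks are not followed here.
	k := filepath.Clean(req.Kernel)
	if !strings.HasPrefix(k, kernelDir+"/") {
		return nil, fmt.Errorf("kernel %q is outside %s", req.Kernel, kernelDir)
	}
	if req.MemoryMB < minMemMB || req.MemoryMB > maxMemMB {
		return nil, fmt.Errorf("memory_mb must be %d..%d", minMemMB, maxMemMB)
	}
	req.Kernel = k
	return &req, nil
}

func main() { // constructed traversal attempt; prints the rejection
	_, err := ValidateCreate([]byte(`{"kernel":"/var/lib/smolvm/kernels/../../../etc/passwd","cmdline":"","memory_mb":64}`))
	fmt.Println(err)
}
```

Because the path check is lexical, a deployment that allows symlinks inside the kernel directory would also need to resolve them on the host before forwarding the request.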

## Final Thoughts

smolvm isn't trying to be the next D