microvm.nix
crosvm
microvm.nix | crosvm
---|---
7 | 7
998 | 723
- | 4.3%
9.3 | 9.9
8 days ago | 1 day ago
Nix | Rust
MIT License | BSD 3-clause "New" or "Revised" License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
microvm.nix
- Tvix – A New Implementation of Nix
- Generating virtual machines/installers from a configuration: https://github.com/astro/microvm.nix and https://github.com/nix-community/nixos-generators
- NixOS MicroVMs
- Is there a nixos solution for hyperconverged infrastructure?
MicroVM.nix, which creates firecracker/cloud-hypervisor/qemu/etc VMs: https://github.com/astro/microvm.nix
- Make your QEMU 10 times faster with this one weird trick
FWIW, the contemporary alternative to 9p is virtiofs. It is implemented as a separate service that runs alongside the hypervisor. Originally out of qemu, it was rewritten in Rust as a freestanding project that can also be used with cloud-hypervisor and crosvm.
https://gitlab.com/virtio-fs/virtiofsd
On NixOS: https://github.com/astro/microvm.nix
- microvm.nix: A Nix Flake to Easily Run NixOS MicroVMs on NixOS
- Microvm.nix: A Nix Flake to Easily Run NixOS MicroVMs on NixOS
crosvm
- Crosvm: The ChromeOS Virtual Machine Monitor
- I'm releasing cargo-sandbox
The Linux kernel has a huge attack surface, and privilege escalation vulnerabilities abound. This is why https://gvisor.dev/ exists - it's a memory-safe proxy for Linux syscalls. This is also why Chrome OS runs its Linux environment in a custom hypervisor written in Rust instead of containers.
- Make your QEMU 10 times faster with this one weird trick
Same protocol, but the implementation is at the discretion of whoever writes the server code.
For example I went to check and in crosvm we use a BTreeMap already for Fids for our p9 implementation (thankfully): https://github.com/google/crosvm/blob/main/common/p9/src/ser...
- Firecracker: Lightweight Virtualization for Serverless Applications (2020)
I'm not sure, but maybe because it started as a fork of crosvm[0]?
[0]: https://github.com/google/crosvm
- Is the source code for the Terminal app published online somewhere?
However, I think what you're looking for is rather backend stuff, maybe take a look here.
- Bubblewrap: Unprivileged Sandboxing Tool for Linux
I've also been looking into shipping apps as VM images with a minimal kernel. Do you know if WHPX requires the user to have admin rights? On the host side, Windows and Mac ports of crosvm [1] could be useful. crosvm seems to have all the necessary virtio device types, but a greater focus on security than QEMU.
[1]: https://google.github.io/crosvm/
- Crosvm – The Chrome OS Virtual Machine Monitor
What are some alternatives?
nix-cargo-integration - Library to easily and effortlessly integrate Cargo projects with Nix.
cloud-hypervisor - A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on security.
nixt - Simple unit-testing for Nix [maintainer=@Lord-Valen]
nsjail - A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
namaka - Snapshot testing for Nix based on haumea [maintainer=@figsoda]
qemu - QEMU commit queue for 9P (aka 9pfs) changes only. Please see http://wiki.qemu.org/Contribute/SubmitAPatch for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website.
flake-utils - Pure Nix flake utility functions [maintainer=@zimbatm]
slog - Structured, contextual, extensible, composable logging for Rust
skyflake - NixOS Hyperconverged Infrastructure on Nomad/NixOS
firecracker - Secure and fast microVMs for serverless computing.
examples - Examples of Emacs configurations using twist.nix
virtiofsd