Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

TinyKVM: Blazing Fast Single-Process Sandbox

2025-03-14
TinyKVM: Blazing Fast Single-Process Sandbox

A PhD student and game developer, alongside working on libriscv and an untitled game, created TinyKVM, a KVM-based single-process sandbox. TinyKVM runs static Linux ELF programs with near-native performance and incredibly low call overhead (around 2us). Leveraging hugepages for performance boosts, it supports GDB debugging and efficient VM resets, making it suitable for sandboxing Linux programs, even large language models (LLMs). TinyKVM boasts a minimal codebase, prioritizing security with a minimized attack surface. Future plans include Intel TDX/AMD SEV and AArch64 architecture support.

(info.varnish-software.com)
Development
ATProto: It's Not What You Think
Building a Personalized Calendar with Org-mode