.
Sign in

Technology

libkrun

libkrun is a dynamic library providing robust, hardware-level process isolation for applications, leveraging KVM on Linux and Hypervisor.framework on macOS/ARM64.

This technology delivers the strong security boundary of a microVM with the lightweight footprint of a container: it embeds a minimal Virtual Machine Monitor (VMM) directly into the host process's memory space. libkrun abstracts complex virtualization via a simple C API, utilizing KVM on Linux and HVF on macOS/ARM64. The design prioritizes a minimal footprint, achieving sub-second boot times and low resource consumption. Projects like the crun container runtime integrate libkrun to add virtualization-based isolation to container workloads. Specialized variants (e.g., libkrun-sev, libkrun-tdx) further enable confidential computing by supporting hardware memory encryption like AMD SEV-SNP and Intel TDX.

https://github.com/containers/libkrun
1 project · 1 city

Related technologies

microVM 1 Rust 73 Sandboxing 2

Recent Talks & Demos

Showing 1-1 of 1

Members-Only

Sign in to see who built these projects

Sign in View FAQ
MicroVMs for AI Agent Sandboxing
Seattle Feb 9
Rust libkrun
Events Gallery