Comment by binsquare

3 days ago

So... I'm working on an open source technology to make a literal virtual machine shippable, i.e. freezing everything inside it, isolated via a VM/hypervisor for sandboxing, with support for containers too since it's a real Linux VM.

The problems you mentioned resonated a lot with me and are why I'm building it. Any interest in working to solve that together? https://github.com/smol-machines/smolvm

Thanks for the pointer! Love the premise of the project. Just a few notes:

- a security focused project should NOT default to training people to install by piping to bash. If I try previewing the install script in the browser it forces a download instead of showing it as plain text. The first thing I see is an argument

    # --prefix DIR Install to DIR (default: ~/.smolvm)

that later in the script is rm -rf deleting a lib folder. So if I accidentally pick a folder with ANY lib folder, it will be deleted.

- I'm not sure what the comparison to colima with krunkit machines is, except that you don't use VM images, but how this works or how it is better is not 100% clear

- Just a minor thing, but people don't have much attention and I just saw AWS and fly.io in the description and nearly closed the project. It needs to be simpler to see this is a local sandbox with libkrun, NOT a wrapper for a remote sandbox like so many of the projects out there.

Will try reaching you on some channel; would love to collaborate, especially on devX. I would be very interested in something more reliable and a bit more lightweight in place of colima when libkrun can fully replace vz
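The --prefix hazard raised above, as an added example that is not smolvm's installer: a hypothetical installer that only removes a lib directory it created itself (identified by a marker file it wrote at install time; the marker name and function names are assumptions), shown beside the unsafe pattern.

```shell
#!/bin/sh
# Added example, not smolvm's code. A user-chosen --prefix must not turn
# "rm -rf $PREFIX/lib" into deletion of an unrelated project's lib folder.

# Unsafe pattern: removes whatever "lib" exists under the prefix, whoever made it.
unsafe_clean_lib() {
  prefix="$1"
  rm -rf "$prefix/lib"
}

# Hypothetical marker written by this installer when it creates the directory.
MARKER=".installed-by-example-installer"

# Safer pattern: refuse unless the lib dir carries our marker, and never run
# with an empty prefix (which would expand to "/lib").
safe_clean_lib() {
  prefix="$1"
  [ -n "$prefix" ] || { echo "empty prefix" >&2; return 1; }
  libdir="$prefix/lib"
  [ -e "$libdir" ] || return 0                      # nothing to clean
  if [ ! -f "$libdir/$MARKER" ]; then
    echo "refusing to delete $libdir: not created by this installer" >&2
    return 1
  fi
  rm -rf "$libdir"
}

# Create the lib dir and mark it as ours so a later upgrade may replace it.
install_lib() {
  prefix="$1"
  [ -n "$prefix" ] || return 1
  mkdir -p "$prefix/lib"
  : > "$prefix/lib/$MARKER"
}
```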

  • Love this feedback, agree with you completely on all of it - I'll be making those changes.

    1. In comparison with colima with krunkit, I ship smolvm with custom built kernel + rootfs, with a focus on the virtual machine as opposed to running containers (though I enable running containers inside it).

    The customizations are also open source here: https://github.com/smol-machines/libkrunfw

    2. Good call on that description!

    I've reached out to you on LinkedIn

  • What is the alternative to bash piping? If you don't trust the project install script, why would you trust the project itself? You can put malware in either.

    • That assumes you even need an install script. 90% of install scripts just check the platform, make the binary executable and put it in the right place. Just give me links to a GitHub release page with immutable releases enabled and pure binaries. I download the binary, put it in a temporary folder, and run it with a seatbelt profile that logs what it does. Binaries should "just run" and at most access one folder in a place they show you, and that is configurable! Fuck installers.

    • It turns out that it's possible for the server to detect whether it is running via "| bash" or if it's just being downloaded. Inspecting it via download and then running that specific download is safer than sending it directly to bash, even if you download it and inspect it before redownloading it and piping it to a shell.


Probably on the side of your project, but did you try SmolBSD? <https://smolbsd.org> It's a meta-OS for microVMs that boots in 10–15 ms.

It can be dedicated to a single service (or a full OS), runs a real BSD kernel, and provides strong isolation.

Overall, it fits into the "VM is the new container" vision.

Disclaimer: I'm following iMil (the developer of smolBSD and a contributor to NetBSD) through his Twitch streams and I truly love what he is doing. I haven't actually used smolBSD in production myself since I don't have a need for it (but I participated in his live streams by installing and running his previews), and my answer might be somewhat off-topic.

More here <https://hn.algolia.com/?q=smolbsd>

  • First time hearing about it, thanks for sharing!

    At a glance, it's a matter of compatibility: most software has first class support for Linux. But very interesting work and I'm going to follow it closely

What would the advantage of this be compared to using something like a Firecracker backend for containerd?

  • Run locally on macs, much easier to install/use, and designed to be "portable" meaning you can package a VM to preserve statefulness and run it somewhere else.

    I worked at AWS, specifically with Firecracker in the container space, for 4 years - we had a very long onboarding doc to dev on Firecracker for containers... So I made sure to focus on ease of use here.