TinyKVM: Fast sandbox that runs on top of Varnish

An introduction to a KVM-based single-process sandbox Hey All. In between working on my PhD, libriscv and an untitled game (it’s too much I know), I also have been working on a KVM sandbox for single programs. A so-called userspace emulator. I wanted to make the worlds fastest sandbox using hardware virtualization, or at least I had an idea of what I wanted to do. I wrote a blog post about sandboxing each and every request in Varnish back in 2021, titled Virtual Machines for Multi-tenancy in Varnish. In it, I wrote that I would look into using KVM for sandboxing instead of using a RISC-V emulator. And so… I went ahead and wrote TinyKVM. So, what is TinyKVM and what does it bring to the table? TinyKVM executes regular Linux programs with the same results as native execution. TinyKVM can be used to sandbox regular Linux programs or programs with specialized APIs embedded into your servers. TinyKVM’s design In order to explain just what TinyKVM is, I’m just going to list expl ... Read full article.