Design for adding strong sandboxing to vm-switch using Linux namespaces and seccomp, with per-VM process isolation.

Key elements:
- Fork per VM instead of threads, each child sandboxed
- SPSC ring buffers for inter-process frame routing
- Unprivileged operation via user namespaces
- seccompiler + nix for pure Rust implementation
- Asymmetric control protocol preventing MAC spoofing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
| File |
|---|
| 2026-02-08-vm-switch-sandboxing-design.md |