Build and run portable, self-contained virtual machines.Pack a VM with your software and it works everywhere — like Electron, but for entire Linux environments.
install + usage
# install (macOS + Linux)
# option 1: download from GitHub releases
# https://github.com/smol-machines/smolvm/releases
# option 2: install script
curl -sSL https://smolmachines.com/install.sh | bash# sandbox - ephemeral isolated environments
smolvm sandbox run --net alpine -- echo "hello"
smolvm sandbox run --net alpine -v ./data:/workspace -- ls /workspace
smolvm sandbox run --net python:3.12-alpine -- python -V
# microvm - persistent linux VMs
smolvm microvm create --net myvm
smolvm microvm start myvm
smolvm microvm exec --name myvm -- apk add git # changes persist across reboots
smolvm microvm exec --name myvm -it -- /bin/sh # interactive shell
smolvm microvm stop myvm
# smolfile - declarative VM configuration
smolvm sandbox run -d -s examples/openclaw-app/openclaw.smolfile alpine/openclaw:main -- openclaw gateway --port 18789
smolvm microvm create myvm -s my-app.smolfile
# pack - portable, executable virtual machine
smolvm pack create alpine -o ./my-sandbox
./my-sandbox echo "hello"
smolvm pack create python:3.12-alpine -o ./my-pythonvm
./my-pythonvm python3 -c "import sys; print(sys.version)"
# uninstall
curl -sSL https://smolmachines.com/install.sh | bash -s -- --uninstallabout
smolvm runs Linux microVMs on your machine. No daemon, no Docker, no cloud account.
A microVM is a lightweight virtual machine — hardware-level isolation with <200ms boot time. Your host filesystem, network, and credentials are completely separated from the workload unless you explicitly share them in.
Install a single binary, run a command, get an isolated Linux environment.
use this for
- sandbox untrusted code (pip install, npm install, AI agents) with hardware isolation
- run Linux microVMs on macOS and Linux — no Docker daemon needed
- declare workloads with a Smolfile and run, pack, or deploy them
- mount host directories for shared file access, with the host protected by a hypervisor boundary
- pack and distribute self-contained sandboxed applications as portable
.smolmachineexecutables
comparison
smolvm is designed for running local (on your machine), persistent (long running and stateful), and interactive (communicate with workload/vm in real time) workloads.
| Containers | Colima + krunkit | QEMU | Firecracker | Kata | smolvm | |
|---|---|---|---|---|---|---|
| isolation | namespace (shared kernel) [1] | namespace (inside 1 VM) | separate VM | separate VM | VM per container [5] | VM per workload |
| boot time | ~100ms [2] | ~seconds (1 VM) | ~15-30s [3] | <125ms [4] | ~500ms [6] | <200ms |
| architecture | daemon (dockerd) | daemon (containerd in VM) | process | process | runtime stack [7] | library (libkrun) |
| per-workload VMs | no | no (shared VM) | yes | yes | yes | yes |
| macOS native | via Docker VM | yes (krunkit) | yes | no [8] | no [9] | yes |
| embeddable (SDK) | no | no | no | no | no | yes |
| portable artifacts | images (need daemon) | no | no | no | no | .smolmachine (self-contained) |
| setup | easy | easy | complex | complex | complex | easy |
[1] container isolation · [2] containerd benchmark · [3] QEMU boot time · [4] Firecracker website · [5] Kata Containers · [6] Kata boot time · [7] Kata installation · [8] Firecracker requires KVM · [9] Kata macOS support
vs colima + krunkit
Colima runs one Linux VM that hosts a container daemon (containerd/dockerd). All your containers share that single VM. smolvm starts a separate microVM per workload — each with its own kernel, filesystem, and isolation boundary. A compromised container in colima can reach other containers in the same VM. A compromised workload in smolvm is confined to its own VM with no access to the host or other workloads.
smolvm also ships a custom-built kernel (libkrunfw) optimized for fast boot, and produces portable .smolmachine executables that run without any runtime installed.
how it works
libkrun VMM + Hypervisor.framework (macOS) / KVM (Linux) + crun container runtime. No daemon process — the VMM is a library linked into the smolvm binary.
platform support
| host | guest | requirements |
|---|---|---|
| macOS Apple Silicon | arm64 Linux | macOS 11+ |
| macOS Intel | x86_64 Linux | macOS 11+ (untested) |
| Linux x86_64 | x86_64 Linux | KVM (/dev/kvm) |
| Linux aarch64 | aarch64 Linux | KVM (/dev/kvm) |
made by @binsquare · twitter · github