Show HN: Smol Machines – Subsecond Coldstart, Portable Virtual Machines
Why It Matters
By offering sub‑second, isolated VMs without a daemon, smolvm bridges the security gap between containers and full VMs, enabling developers to safely execute untrusted code and ship portable workloads with minimal overhead.
Key Takeaways
- smolvm boots Linux VMs in under 200 ms on macOS and Linux
- Provides hardware isolation via Hypervisor.framework or KVM, unlike containers
- Allows packaging workloads into self‑contained .smolmachine binaries with no runtime dependencies
- Network access is opt‑in, enabling strict egress control for untrusted code
- Supports SSH‑agent forwarding, keeping host private keys out of the VM
Pulse Analysis
The rise of micro‑VMs reflects a growing demand for the security of virtual machines combined with the speed of containers. Traditional VMs can take seconds to minutes to boot, while container runtimes start in milliseconds but share the host kernel, exposing a larger attack surface. smolvm narrows this gap by delivering a full kernel per workload with boot times comparable to containers—under 200 ms—making it attractive for CI pipelines, edge deployments, and any scenario where rapid, isolated execution is critical.
Under the hood, smolvm builds on the libkrun VMM and a custom lightweight kernel (libkrunfw). It runs directly on macOS’s Hypervisor.framework or Linux’s KVM, eliminating the need for a background daemon. Resources are elastic: virtio ballooning adjusts memory usage on the fly, and idle vCPU threads sleep in the hypervisor, so over‑provisioning incurs near‑zero cost. The resulting .smolmachine artifact bundles the image and configuration, allowing developers to ship a single binary that runs anywhere the host architecture matches, without pulling additional layers or managing container runtimes.
For businesses, smolvm offers a pragmatic path to hardened execution environments. Security teams can sandbox third‑party scripts, while developers gain reproducible, portable dev boxes that preserve installed packages across restarts. The optional network flag and SSH‑agent forwarding further reduce exposure of credentials and external communication. As cloud providers and edge platforms look to reduce attack vectors while maintaining agility, tools like smolvm could become a staple in DevSecOps toolchains, especially for organizations seeking a lightweight alternative to heavyweight VM solutions such as Firecracker or Kata.