====== OsmiumVM & ilivm & Sandbox ======

**OsmiumVM** is a reusable Go library for QEMU virtual machine management, providing a clean API for VM lifecycle control, device configuration, and guest interaction.

**IliVM** is the IDMS Linux Instant VM application built on top of OsmiumVM, designed for automation with boot detection, SSH integration, and OEM customization support.

**Osmium Sandbox** is a sandboxing library for confining processes on Linux using Seccomp, Landlock, Linux CAP dropping and Namespaces.

===== OsmiumVM Features =====

  * **VM Lifecycle Management** - Create, prepare, start, stop, and cleanup VMs
  * **Device Registry** - Unified device interface for all hardware components
  * **QMP Protocol** - QEMU Machine Protocol for VM control and monitoring
  * **Guest Agent** - Communication with QEMU guest agent for guest OS interaction
  * **PCI Address Allocation** - Automatic PCI/PCIe address management for Q35 machines
  * **Display Support** - VNC, SPICE, and GTK display with authentication
  * **Storage Devices** - VirtIO block devices, NVMe, and CD-ROM support
  * **Network Devices** - User-mode networking with port forwarding

===== IliVM Features =====

  * **Boot Detection** - Guest agent polling with optional network readiness wait
  * **SSH Integration** - Automatic key generation, file transfer, and remote execution
  * **OEM Customization** - ISO-based OEM configuration injection
  * **Serial Console** - Line-buffered and raw serial output handling
  * **Script Execution** - Run installation scripts on guest VMs

===== Osmium Sandbox Features =====

  * **Seccomp BPF Filters** - Fine-grained syscall filtering using Linux seccomp
  * **Policy Management** - Loadable filter policies tailored for workloads
  * **Process Confinement** - Integrate with OsmiumVM to sandbox QEMU processes
  * **Constants & Utilities** - Go bindings for seccomp modes, actions, and flags
  * **Linux-Specific** - Built for `linux/amd64`
  * **Technologies** - Seccomp BPF, Landlock, CGroups v2, Namespaces (user/pid/mount/time/ipc/uts/cgroup)

===== Supported Platforms =====

  * **Machine Type**: Q35
  * **Accelerator**: KVM
  * **Guest OS**: Linux (KVM paravirtualization), Windows 11 (Hyper-V enlightenments)
  * **Sandbox Host**: Linux (seccomp BPF support required)

===== Links =====

(not yet created)

  * [[https://gitlab.conarx.tech/osmiumvm/osmiumvm|OsmiumVM Repository]]
  * [[https://gitlab.conarx.tech/osmiumvm/ilivm|IliVM Repository]]
  * [[https://gitlab.conarx.tech/osmiumvm/osmium-sandbox|Osmium Sandbox Repository]]