Differences

This shows you the differences between two versions of the page.

projects:osmiumvm:start [2025-12-23 12:43] – removed nkukard
projects:osmiumvm:start [2026-01-08 15:46] (current) – [Links] nkukard
Line 1: Line 1:
 +====== OsmiumVM & ilivm & Sandbox ======
  
 +**OsmiumVM** is a reusable Go library for QEMU virtual machine management, providing a clean API for VM lifecycle control, device configuration, and guest interaction.
 +
 +**IliVM** is the IDMS Linux Instant VM application built on top of OsmiumVM, designed for automation with boot detection, SSH integration, and OEM customization support.
 +
 +**Osmium Sandbox** is a sandboxing library for confining processes on Linux using Seccomp, Landlock, Linux CAP dropping and Namespaces.
 +
 +===== OsmiumVM Features =====
 +
 +  * **VM Lifecycle Management** - Create, prepare, start, stop, and cleanup VMs
 +  * **Device Registry** - Unified device interface for all hardware components
 +  * **QMP Protocol** - QEMU Machine Protocol for VM control and monitoring
 +  * **Guest Agent** - Communication with QEMU guest agent for guest OS interaction
 +  * **PCI Address Allocation** - Automatic PCI/PCIe address management for Q35 machines
 +  * **Display Support** - VNC, SPICE, and GTK display with authentication
 +  * **Storage Devices** - VirtIO block devices, NVMe, and CD-ROM support
 +  * **Network Devices** - User-mode networking with port forwarding
 +
 +===== IliVM Features =====
 +
 +  * **Boot Detection** - Guest agent polling with optional network readiness wait
 +  * **SSH Integration** - Automatic key generation, file transfer, and remote execution
 +  * **OEM Customization** - ISO-based OEM configuration injection
 +  * **Serial Console** - Line-buffered and raw serial output handling
 +  * **Script Execution** - Run installation scripts on guest VMs
 +
 +===== Osmium Sandbox Features =====
 +
 +  * **Seccomp BPF Filters** - Fine-grained syscall filtering using Linux seccomp
 +  * **Policy Management** - Loadable filter policies tailored for workloads
 +  * **Process Confinement** - Integrate with OsmiumVM to sandbox QEMU processes
 +  * **Constants & Utilities** - Go bindings for seccomp modes, actions, and flags
 +  * **Linux-Specific** - Built for `linux/amd64`
 +  * **Technologies** - Seccomp BPF, Landlock, CGroups v2, Namespaces (user/pid/mount/time/ipc/uts/cgroup)
 +===== Supported Platforms =====
 +
 +  * **Machine Type**: Q35
 +  * **Accelerator**: KVM
 +  * **Guest OS**: Linux (KVM paravirtualization), Windows 11 (Hyper-V enlightenments)
 +  * **Sandbox Host**: Linux (seccomp BPF support required)
 +
 +===== Links =====
 +
 +(not yet created)
 +
 +  * [[https://gitlab.conarx.tech/osmiumvm/osmiumvm|OsmiumVM Repository]]
 +  * [[https://gitlab.conarx.tech/osmiumvm/ilivm|IliVM Repository]]
 +  * [[https://gitlab.conarx.tech/osmiumvm/osmium-sandbox|Osmium Sandbox Repository]]
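
Review bot: The sandbox description is inconsistent within this revision. The intro line for Osmium Sandbox names Seccomp, Landlock, capability dropping and Namespaces, while the "Technologies" bullet under "Osmium Sandbox Features" lists Seccomp BPF, Landlock, CGroups v2 and Namespaces, so capability dropping and CGroups v2 each appear in only one of the two places. The other feature bullets and the "Sandbox Host" entry under "Supported Platforms" mention only seccomp. Suggest making the two lists agree and saying under "Supported Platforms" whether the host also needs Landlock, cgroup v2 and namespace support, or whether those layers are optional, since a reader sizing up the confinement will want to know which layers are actually applied. Smaller points: the "Supported Platforms" heading is the only one without a blank line before it, "`linux/amd64`" uses backticks instead of DokuWiki's ''monospace'' markup, and "(not yet created)" under "Links" does not say which of the three repository links it applies to.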
  • projects/osmiumvm/start.1766493793.txt.gz
  • Last modified: 2025-12-23 12:43
  • by nkukard