Differences

This shows you the differences between two versions of the page.

projects:osmiumvm:start [2025-12-30 10:48] – created nkukardprojects:osmiumvm:start [2026-01-08 15:46] (current) – [Links] nkukard
Line 1: Line 1:
-====== OsmiumVM & ilivm ======+====== OsmiumVM & ilivm & Sandbox ======
  
 **OsmiumVM** is a reusable Go library for QEMU virtual machine management, providing a clean API for VM lifecycle control, device configuration, and guest interaction. **OsmiumVM** is a reusable Go library for QEMU virtual machine management, providing a clean API for VM lifecycle control, device configuration, and guest interaction.
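Review bot: The new page title "OsmiumVM & ilivm & Sandbox" names the components inconsistently with the body text, which uses "IliVM" and "Osmium Sandbox". Suggest a heading such as "OsmiumVM, IliVM & Osmium Sandbox" so it matches the names used everywhere else on the page.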
Line 5: Line 5:
 **IliVM** is the IDMS Linux Instant VM application built on top of OsmiumVM, designed for automation with boot detection, SSH integration, and OEM customization support. **IliVM** is the IDMS Linux Instant VM application built on top of OsmiumVM, designed for automation with boot detection, SSH integration, and OEM customization support.
  
-===== Architecture ===== +**Osmium Sandbox** is a sandboxing library for confining processes on Linux using Seccomp, Landlock, Linux CAP dropping and Namespaces.
- +
-<code> +
-┌─────────────────────────────────────────────────────────┐ +
-│                      IliVM CLI                          │ +
-├─────────────────────────────────────────────────────────┤ +
-│              OsmiumVM/pkg/qemu (library)                │ +
-├─────────────────────────────────────────────────────────┤ +
-│                    QEMU/KVM                             │ +
-└─────────────────────────────────────────────────────────┘ +
-</code>+
  
 ===== OsmiumVM Features ===== ===== OsmiumVM Features =====
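Review bot: The Architecture section and its layer diagram are deleted in the same change that introduces Osmium Sandbox, so the page no longer shows where the confinement boundary sits relative to the IliVM CLI, the OsmiumVM/pkg/qemu library and QEMU/KVM. Suggest keeping the diagram and adding the sandbox layer to it instead of removing it. In the added sentence, "Linux CAP dropping" would read more clearly as "capability dropping", and the mechanisms named there (Seccomp, Landlock, capability dropping, Namespaces) should match the Technologies bullet further down, which omits capabilities and adds CGroups v2.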
Line 36: Line 26:
   * **Script Execution** - Run installation scripts on guest VMs   * **Script Execution** - Run installation scripts on guest VMs
  
 +===== Osmium Sandbox Features =====
 +
 +  * **Seccomp BPF Filters** - Fine-grained syscall filtering using Linux seccomp
 +  * **Policy Management** - Loadable filter policies tailored for workloads
 +  * **Process Confinement** - Integrate with OsmiumVM to sandbox QEMU processes
 +  * **Constants & Utilities** - Go bindings for seccomp modes, actions, and flags
 +  * **Linux-Specific** - Built for `linux/amd64`
 +  * **Technologies** - Seccomp BPF, Landlock, CGroups v2, Namespaces (user/pid/mount/time/ipc/uts/cgroup)
 ===== Supported Platforms ===== ===== Supported Platforms =====
  
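Review bot: The bullets under "Osmium Sandbox Features" describe only seccomp (filters, policies, constants), while the Technologies bullet also lists Landlock, CGroups v2 and Namespaces with no feature text saying what each one restricts. Suggest one bullet per mechanism, and have "Policy Management" state what happens to a syscall that the loaded policy does not list, since that default decides whether a policy works as an allowlist or a denylist. Two markup points: the "Linux-Specific" bullet wraps linux/amd64 in backticks, which DokuWiki does not render as monospace (it uses two single quotes on each side), and there is no blank line between the last added bullet and "===== Supported Platforms =====".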
Line 41: Line 39:
   * **Accelerator**: KVM   * **Accelerator**: KVM
   * **Guest OS**: Linux (KVM paravirtualization), Windows 11 (Hyper-V enlightenments)   * **Guest OS**: Linux (KVM paravirtualization), Windows 11 (Hyper-V enlightenments)
 +  * **Sandbox Host**: Linux (seccomp BPF support required)
  
 ===== Links ===== ===== Links =====
 +
 +(not yet created)
  
   * [[https://gitlab.conarx.tech/osmiumvm/osmiumvm|OsmiumVM Repository]]   * [[https://gitlab.conarx.tech/osmiumvm/osmiumvm|OsmiumVM Repository]]
   * [[https://gitlab.conarx.tech/osmiumvm/ilivm|IliVM Repository]]   * [[https://gitlab.conarx.tech/osmiumvm/ilivm|IliVM Repository]]
 +  * [[https://gitlab.conarx.tech/osmiumvm/osmium-sandbox|Osmium Sandbox Repository]]
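Review bot: "(not yet created)" is added directly under the Links heading, above the list, so it reads as applying to all three repositories, including the OsmiumVM and IliVM links that were already on the page. If it refers to the Osmium Sandbox repository, attach it to that list item. The "Sandbox Host" bullet names only seccomp BPF as required; the features section also lists Landlock, CGroups v2 and namespaces, so the bullet should say whether those are required on the host or optional.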
  • projects/osmiumvm/start.1767091715.txt.gz
  • Last modified: 2025-12-30 10:48
  • by nkukard