Differences

This shows you the differences between two versions of the page.

--- projects:osmiumvm:start [2025-12-30 10:48] – [Architecture] nkukard
+++ projects:osmiumvm:start [2026-01-08 15:46] (current) – [Links] nkukard
@@ Line 1: / Line 1: @@
-====== OsmiumVM & ilivm ======
+====== OsmiumVM & ilivm & Sandbox ======
 **OsmiumVM** is a reusable Go library for QEMU virtual machine management, providing a clean API for VM lifecycle control, device configuration, and guest interaction.
@@ Line 5: / Line 5: @@
 **IliVM** is the IDMS Linux Instant VM application built on top of OsmiumVM, designed for automation with boot detection, SSH integration, and OEM customization support.
+**Osmium Sandbox** is a sandboxing library for confining processes on Linux using Seccomp, Landlock, Linux CAP dropping and Namespaces.
 ===== OsmiumVM Features =====
@@ Line 25: / Line 26: @@
   * **Script Execution** - Run installation scripts on guest VMs
+===== Osmium Sandbox Features =====
+  * **Seccomp BPF Filters** - Fine-grained syscall filtering using Linux seccomp
+  * **Policy Management** - Loadable filter policies tailored for workloads
+  * **Process Confinement** - Integrate with OsmiumVM to sandbox QEMU processes
+  * **Constants & Utilities** - Go bindings for seccomp modes, actions, and flags
+  * **Linux-Specific** - Built for `linux/amd64`
+  * **Technologies** - Seccomp BPF, Landlock, CGroups v2, Namespaces (user/pid/mount/time/ipc/uts/cgroup)
 ===== Supported Platforms =====
@@ Line 30: / Line 39: @@
   * **Accelerator**: KVM
   * **Guest OS**: Linux (KVM paravirtualization), Windows 11 (Hyper-V enlightenments)
+  * **Sandbox Host**: Linux (seccomp BPF support required)
 ===== Links =====
+(not yet created)
   * [[https://gitlab.conarx.tech/osmiumvm/osmiumvm|OsmiumVM Repository]]
   * [[https://gitlab.conarx.tech/osmiumvm/ilivm|IliVM Repository]]
+  * [[https://gitlab.conarx.tech/osmiumvm/osmium-sandbox|Osmium Sandbox Repository]]