Hello, I'm about to submit two factory 3 packages, from the Virtualization Devel project: - libkrunfw https://build.opensuse.org/package/show/Virtualization/libkrunfw - libkrun  https://build.opensuse.org/package/show/Virtualization/libkrun - krunvm https://build.opensuse.org/package/show/Virtualization/krunvm Libkrun is the key and the heart of everything. It's a library that enable a (OCI) runtime to start the environments that such runtimes usually handles (read: containers) inside a super-lightweight virtual machine (using KVM underneath, of course). If you're familiar with KataContainers, well, it's similar... but all done in a library, which makes things smaller and faster (at least potentially, as the project is still in early stage of development and performance is not a goal yet). This is already possible, with krunvm, which is basically a CLI for libkrun, that allows you to create lightweight VMs out of OCI images. Watch this: $ cat /etc/os-release NAME="openSUSE Tumbleweed" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20210223" [...] $ uname -a Linux Solace 5.10.16-1-default #1 SMP Sat Feb 13 16:20:19 UTC 2021 (11381f3) x86_64 x86_64 x86_64 GNU/Linux Now, if I do: $ sudo krunvm create opensuse/leap --name leap Resolving "opensuse/leap" using unqualified-search registries (/etc/containers/registries.conf) Getting image source signatures Copying blob 99b65196a7ec done [...] Lightweight VM created with name: leap $ sudo krunvm list leap CPUs: 2 RAM (MiB): 1024 DNS server: 1.1.1.1 Buildah container: leap-working-container Workdir: /root Mapped volumes: {} Mapped ports: {} $ sudo krunvm start leap sh-4.4# cat /etc/os-release NAME="openSUSE Leap" VERSION="15.2" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.2" sh-4.4# uname -a Linux leap 5.10.10 #1 SMP Fri Feb 26 08:27:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux And you can tell that it's a VM from --among other things-- the fact that the kernels (see the two `uname -a`) are different! In this example, I used `sudo`, but it does work rootless as well, like this (for now): $ buildah unshare Solace:~ # krunvm create ubuntu --name ubu Solace:~ # krunvm start ubu # apt-get update Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease Get:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB] Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB] [...] Get:5 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [934 kB] Fetched 1257 kB in 3s (423 kB/s) Reading package lists... Done # ^D Solace:~ # exit $ And yes, as you see from the above example where I used apt, networking works (limited to IPv4-TCP, for now... because as I said it's early!) with zero configuration. And of course it supports bind mounting pieces of the host filesystem as well (and also with zero config needed). Note also that the crun OCI runtime already has support for libkrun, and that podman can work on top of crun. Therefore, we could one day have podman containers running as lightweight VMs! We could one day have toolbox containers (which is why I'm cross- posting to Kubic) running as lightweight VMs!! Sure, we need to have crun for that, which I don't think we do right now. But, baby steps. :-) The third package, libkrunfw, is basically where the kernel of the lightweight VM lives. Now, ideally, we would pick-up our kernel-source package, apply patches and configuration, ad build libkrunfw from it. However, this is currently not possible, due to the dependency of some of the needed patches on a specific kernel-version. We do intend, however, to fix this as soon as possible. Libkrun and krunvm are available already in Fedora, via Copr and on MacOS-aarch64 (the so-called M1). You can find more about the project at the following links: https://github.com/containers/libkrun https://github.com/containers/krunvm https://news.ycombinator.com/item?id=25939995 https://static.sched.com/hosted_files/devconfcz2021/b9/libkrun%20Virtuailzat... Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <> (Raistlin Majere)