smolvm: portable, lightweight microVMs with sub-200ms cold starts

My notes

Summary

smolvm is a CLI tool that wraps libkrun to spin up hardware-isolated Linux VMs with sub-200ms cold starts on macOS (Apple Silicon via Hypervisor.framework) and Linux (KVM). Each workload gets its own kernel boundary, not just Linux namespaces, making it meaningfully more isolated than containers. VMs can be packed into a single portable .smolmachine file that boots anywhere without dependencies.

Key Insight

• Boot time vs. isolation trade-off is gone: <200ms cold start with real VM-level isolation. Containers give you speed but shared-kernel risk; QEMU gives isolation but slow starts. smolvm delivers both.
• Network is opt-in and allowlist-gated: by default VMs have no network. You can whitelist specific hosts (--allow-host registry.npmjs.org), useful for running untrusted build pipelines that legitimately need one registry but nothing else.
• SSH agent forwarding without key exposure: private keys never enter the guest VM, the hypervisor enforces this at the boundary. Useful for CI-style git clones in sandboxed environments.
• Elastic memory via virtio balloon: default 8 GiB allocated but host only commits what the guest actually uses. Over-provisioning is near-free.
• Smolfile = reproducible VM config in TOML: declarative setup (image, volumes, network allowlist, init commands, SSH agent), comparable to a Dockerfile but for full VMs.
• Pack into self-contained binary: smolvm pack create bakes all dependencies into a single executable that boots in <200ms with no install step. Strong use case for distributing internal tooling.
• Embeddable SDK: unlike Firecracker, Colima, or QEMU, smolvm exposes a library SDK, can be integrated programmatically, not just as a CLI subprocess.
• Comparison vs. alternatives (from the repo’s own table):
  • vs. containers: real kernel isolation, not just namespaces
  • vs. Firecracker: macOS native, portable artifacts, embeddable SDK
  • vs. QEMU: per-workload VMs, faster boot, portable artifacts