minivisor

A KVM-based x86_64 userspace hypervisor that runs any Linux ELF binary — static or dynamic, including Python and Node — inside a sandboxed guest VM with configurable filesystem policy, syscall interception, and process snapshotting.

C++ · KVM · Bazel · x86_64

minivisor is a KVM-based x86_64 userspace hypervisor. It runs ordinary Linux ELF binaries inside a lightweight guest VM — no kernel image needed — with configurable sandbox policy for filesystem access.

How it works

Syscall interception runs on three paths:

  1. Default: executable syscall instructions (0F 05) are patched in place to hlt; nop (F4 90); both encodings are two bytes, so no instruction offsets move. KVM exits on KVM_EXIT_HLT and the host dispatches the syscall.
  2. Paravirtual guest-kernel: cheap scalar syscalls (uid/gid/pid queries) are handled directly in a tiny guest-resident handler; unsupported calls fall back to the host trap path.
  3. Ring buffer: a shared memory ring + doorbell ABI for batched stdout/stderr and optional file-IO fast paths.

On the host-dispatch path, registered callbacks handle syscalls first. If none match, the built-in dispatcher forwards to the host, applies sandbox translation, emulates guest-only behaviour (brk, mmap, fork snapshots), or returns -ENOSYS.
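The two pieces described above, the default patch path and the host-side dispatch order, as an added C++ example that is not minivisor's own code. It models guest memory as a flat byte vector and the exit state as a small register struct instead of touching KVM, and it assumes a hypothetical sandbox layout in which the guest sees the host worktree at /work; the policy struct, the Decision type and the syscall numbers' use here are all this example's own. The byte scanner deliberately shows the simplest possible patcher; a production patcher has to respect decoded instruction boundaries, which the comment calls out.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Rewrite every `syscall` (0F 05) in an executable segment to `hlt; nop`
// (F4 90). Both encodings are two bytes, so every instruction offset is
// preserved. Returns the number of sites patched.
// Caveat: this walks raw bytes; a real patcher must follow decoded
// instruction boundaries so an 0F 05 inside an immediate is left alone.
size_t patch_syscalls(std::vector<uint8_t>& text) {
    size_t patched = 0;
    for (size_t i = 0; i + 1 < text.size(); ++i) {
        if (text[i] == 0x0F && text[i + 1] == 0x05) {
            text[i] = 0xF4;      // hlt: KVM exits to the host with KVM_EXIT_HLT
            text[i + 1] = 0x90;  // nop: keeps the 2-byte footprint
            ++patched;
            ++i;
        }
    }
    return patched;
}

// x86_64 syscall numbers used below (kernel syscall table).
constexpr uint64_t SYS_write = 1, SYS_brk = 12, SYS_getpid = 39, SYS_openat = 257;

// Guest register state captured at the HLT exit (x86_64 syscall ABI).
struct GuestRegs { uint64_t rax, rdi, rsi, rdx; };

// Outcome of one host-side dispatch: what the VM loop should do next.
struct Decision {
    enum Kind { Forward, Emulated, Denied, Unsupported } kind;
    int64_t ret;            // return value for Emulated/Denied/Unsupported
    std::string host_path;  // translated path for Forward (openat only)
};

// Reads a NUL-terminated string at guest address `gva` from flat guest memory.
static std::string read_guest_cstr(const std::vector<uint8_t>& mem, uint64_t gva) {
    std::string s;
    for (uint64_t a = gva; a < mem.size() && mem[a] != 0; ++a) s.push_back((char)mem[a]);
    return s;
}

// Hypothetical policy (assumed layout): the guest sees the worktree at /work;
// anything outside it, and any ".." component, is refused before the host sees it.
struct SandboxPolicy { std::string host_worktree; std::string guest_root = "/work"; };

using Callback = std::function<bool(const GuestRegs&, Decision&)>;

class HostDispatcher {
public:
    HostDispatcher(SandboxPolicy p, uint64_t heap_base, uint64_t heap_limit)
        : policy_(std::move(p)), brk_(heap_base), heap_base_(heap_base), heap_limit_(heap_limit) {}

    void register_callback(Callback cb) { callbacks_.push_back(std::move(cb)); }

    Decision dispatch(const GuestRegs& r, const std::vector<uint8_t>& guest_mem) {
        Decision d{Decision::Unsupported, -ENOSYS, ""};
        for (auto& cb : callbacks_)            // registered callbacks run first
            if (cb(r, d)) return d;
        switch (r.rax) {
            case SYS_openat: return translate_path(read_guest_cstr(guest_mem, r.rsi));
            case SYS_brk: {                    // guest-only behaviour: emulate the break
                if (r.rdi >= heap_base_ && r.rdi <= heap_limit_) brk_ = r.rdi;
                return Decision{Decision::Emulated, (int64_t)brk_, ""};
            }
            case SYS_write: return Decision{Decision::Forward, 0, ""};
            default: return d;                 // nothing matched: -ENOSYS
        }
    }

private:
    Decision translate_path(const std::string& guest_path) const {
        const std::string prefix = policy_.guest_root + "/";
        bool inside = guest_path == policy_.guest_root ||
                      guest_path.compare(0, prefix.size(), prefix) == 0;
        bool dotdot = guest_path.find("/../") != std::string::npos ||
                      (guest_path.size() >= 3 &&
                       guest_path.compare(guest_path.size() - 3, 3, "/..") == 0);
        if (!inside || dotdot) return Decision{Decision::Denied, -EACCES, ""};
        return Decision{Decision::Forward, 0,
                        policy_.host_worktree + guest_path.substr(policy_.guest_root.size())};
    }

    SandboxPolicy policy_;
    std::vector<Callback> callbacks_;
    uint64_t brk_, heap_base_, heap_limit_;
};
```

The dispatcher returns a decision rather than performing the host call itself, so the VM loop stays the single place that touches host file descriptors; that keeps the policy check and the privileged action separated, which is what makes the filesystem policy auditable.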

Usage

# Run a sandboxed Python script — only current worktree visible
minivisor -p @worktree-only --run python3 app.py

# Run Node with a memfd scratch space
minivisor -p @worktree-only @memfd-scratch --run node app.js

# Run any statically linked ELF
minivisor --run ./my-binary

minivisor forms the sandboxing and enforcement layer used in VibeLoop to isolate agent-spawned processes on AWS VMs.