Show HN: Clone, a small Rust VMM, forks VMs in under 20ms via CoW
github.comWe needed a secure, multi-tenant way to offer shell accounts to users, but most VMMs were using too much memory and containers are unsafe. With clone, VMs are now more memory efficient than containers in most cases.
Since many other projects on HN looked like they were doing this too, open sourcing this was the right thing to do.
Feel free to use in whole or in part as you see fit! Thanks for sharing! I'm not sure your table under Why Clone is quite correct. 10x 512MB idle VMs should not take 5GB on Firecracker if they are started from snapshots since the 512MB memory file is mmap'ed with MAP_PRIVATE so is copy on write. Firecracker has diff snapshots: https://github.com/firecracker-microvm/firecracker/blob/main... The part that stands out is that you are optimizing for warm state instead of cold boot. That feels right for dev shells. If the workload is repeated short lived environments, template fork time matters more than booting a minimal kernel fast. How do you handle template drift over time? Do you periodically rebuild and re-warm from scratch, or can you patch a warm template in place without losing the memory-sharing gains? Great question! We rebuild if there's a security update or otherwise every few weeks. We're working on a better method, but right now a few templates can be kept warm so users aren't forced to reboot.