
generalizations 11/07/2024 (3 replies)

> These micro VMs operate without a kernel or operating system, keeping overhead low. Instead, guests are built specifically for Hyperlight using the Hyperlight Guest library, which provides a controlled set of APIs that facilitate interaction between host and guest

Sounds like this is closer to a chroot/unikernel than a "micro VM" - a slightly more firewalled chroot without most of the os libs, or a unikernel without the kernel. Pretty sure it's not a "virtual machine" though.

Only pointing this out because these sorts of containers/unikernels/vms exist on a spectrum, and each type carries its own strengths and limitations; calling this by the wrong name associates it with the wrong set of tradeoffs.


Replies

wmf 11/07/2024

I guess if it uses CR3 it's a "process" and if it uses VMLAUNCH it's a "VM".

0cf8612b2e1e 11/07/2024

I thought a chroot was not considered a real security boundary?

0x457 11/15/2024

Okay, so every name in this post makes sense; it's just that some of these words started to mean very different things over time.

This is not a hypervisor or a VM manager. It's a library that lets you run a C or Rust function[1] inside a VM managed by the platform hypervisor[2].

[1]: As in Function (computer programming), not an AWS Lambda.

[2]: KVM or mshv on Linux and Windows Hypervisor on Linux