Show HN: Vpod – Tiny Linux sandbox running in WASM

Posted by mavdol04 1 day ago

Hi HN,

I spent the last few months reading the RISC‑V specification to build the lightest possible sandboxes. The idea behind a vpod is to quickly spin up a Linux sandbox from snapshots (Alpine by default) without any setup or subsystem required.

The trade-off for portability and security is raw CPU speed. So we don't expect it to match native workloads with Python or pip, for example.

More info is in the README https://github.com/capsulerun/vpod

Happy to answer any questions!

Comments

Comment by spankalee 1 day ago

Do you think that once GCC gets a working Wasm backend[1], that it might be possible to build Linux for Wasm directly and skip the RISC-V VM?

[1]: https://www.phoronix.com/news/GCC-Steering-WebAssembly

Comment by mavdol04 1 day ago

With RISC‑V emulation we get the virtual hardware components we need to boot Linux like MMU, registers etc. So a GCC WASM backend could definitely help, but I'm not sure it could replace the whole emulation layer.

Comment by clapthewind 21 hours ago

So we can run this on a browser? a demo on the github page would be great. combine it with an extension to support networking, and you have a winner.

Comment by mavdol04 21 hours ago

It doesn't have browser support yet because it's WASI-based, so there are a few more steps compared to Emscripten (two different ways to build for WebAssembly). But networking is supposed to work, did you have trouble with it?

Comment by clapthewind 5 hours ago

I didn't try it. Given jslinux exists, and works, i suspect WASM based linux will be faster and more streamlined.