smolvm: Portable MicroVMs for DevOps Teams

DevOps teams often have to choose between fast containers and stronger isolation. smolvm tries to narrow that gap by running each workload inside its own microVM while keeping startup time low and the CLI simple.
What Is smolvm?
smolvm is a CLI for building and running portable Linux microVMs on macOS and Linux. According to the project README, it supports sub-second cold starts, OCI images, hardware isolation through Hypervisor.framework or KVM, and portable .smolmachine artifacts that can be rehydrated on another supported host.
For SRE and platform teams, the interesting part is not just isolation. It is that smolvm uses familiar image sources and simple commands, so you can test risky tools, internal utilities, or temporary workloads without giving them direct access to the host.
Key Features
- VM Per Workload: each task gets its own kernel and hypervisor boundary instead of a shared container kernel.
- Fast Startup: the project advertises boot times under 200 ms for packaged workloads.
- OCI Image Support: pull from Docker Hub or other OCI registries without requiring a Docker daemon.
- Portable Artifacts: package a workload into a single .smolmachine file for reuse on another machine with the same architecture.
- Tighter Network Controls: networking is opt-in, and egress can be limited to allowed hosts.
Installation
curl -sSL https://smolmachines.com/install.sh | bash
smolvm --help
You can also download a binary from the GitHub releases page.
Usage
A simple way to evaluate smolvm is to run an ephemeral Alpine microVM with networking enabled:
smolvm machine run --net --image alpine -- sh -c "echo 'hello from smolvm' && uname -a"
If you want to lock outbound access down to a single destination, smolvm also supports host allow lists:
smolvm machine run --net --image alpine --allow-host registry.npmjs.org -- \
wget -q -O /dev/null https://registry.npmjs.org
That makes it a useful fit for sandboxing untrusted utilities, testing installer scripts, or giving AI agents and automation jobs a cleaner isolation boundary.
Operational Tips
smolvm looks strongest for local development, secure task execution, and portable internal tooling. It is not a drop-in replacement for every container or VM stack. Teams should verify host architecture compatibility, KVM availability on Linux, and current limitations such as directory-only volume mounts and no ICMP support.
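The host checks above can be scripted as a preflight step. The following is an added example, not code from the smolvm project: the function names, the default /dev/kvm device path, and the idea of recording `uname -m` when an artifact is packed are assumptions.

```shell
#!/bin/sh
# Added example: host preflight before running smolvm workloads.
# Assumptions (not from smolvm): function names, /dev/kvm as the default
# KVM device node, and recording `uname -m` when an artifact is packed.

# Map the different spellings `uname -m` uses to one name per architecture.
normalize_arch() {
    case "$1" in
        x86_64|amd64)  echo x86_64 ;;
        aarch64|arm64) echo arm64 ;;
        *)             echo "$1" ;;
    esac
}

# arch_compatible BUILD_ARCH HOST_ARCH: 0 when an artifact packed on
# BUILD_ARCH can be rehydrated on HOST_ARCH (same architecture only).
arch_compatible() {
    [ "$(normalize_arch "$1")" = "$(normalize_arch "$2")" ]
}

# check_hypervisor OS [KVM_DEV]
# Returns 0 usable, 1 KVM device missing, 2 no read/write access,
# 3 Hypervisor.framework unsupported, 4 OS is neither Linux nor macOS.
check_hypervisor() {
    case "$1" in
        Linux)
            dev="${2:-/dev/kvm}"
            [ -c "$dev" ] || { echo "KVM device $dev not found" >&2; return 1; }
            { [ -r "$dev" ] && [ -w "$dev" ]; } || {
                echo "no read/write access to $dev for $(id -un)" >&2; return 2; }
            ;;
        Darwin)
            # kern.hv_support is 1 when Hypervisor.framework is available.
            [ "$(sysctl -n kern.hv_support 2>/dev/null)" = "1" ] || {
                echo "Hypervisor.framework not supported" >&2; return 3; }
            ;;
        *)  echo "unsupported host OS: $1" >&2; return 4 ;;
    esac
}

# preflight [BUILD_ARCH]: run both checks against the current host.
preflight() {
    check_hypervisor "$(uname -s)" || return $?
    [ -z "${1:-}" ] || arch_compatible "$1" "$(uname -m)" || {
        echo "artifact arch $1 does not match host $(uname -m)" >&2; return 5; }
}

# Run the checks only when invoked as: sh preflight.sh --check [BUILD_ARCH]
if [ "${1:-}" = "--check" ]; then preflight "${2:-}"; exit $?; fi
```

A missing device usually means KVM is not enabled or not exposed to the host, while return code 2 usually means the current user lacks permission on the device node.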
Conclusion
smolvm is worth watching because it makes microVM workflows feel much closer to everyday developer tooling. If your team wants stronger isolation for scripts, CI helpers, or agentic automation without jumping straight to heavyweight virtualization, this project is a practical one to test.
