smolvm Delivers Sub-200ms VM Cold Starts With Hardware Isolation

smolvm launched on Hacker News on April 17, 2026 as a Y Combinator-backed project offering subsecond virtual machine cold starts with full hardware isolation. Created by BinSquare, the tool gained 211 points and 88 comments by providing portable, single-file VM artifacts that run with zero dependencies across macOS and Linux platforms.

Performance Rivals Firecracker While Maintaining Portability

smolvm achieves sub-200ms cold start times, significantly outperforming QEMU (15-30 seconds) and Colima (seconds) while approaching Firecracker's sub-125ms benchmark. The tool uses the libkrun VMM with a custom kernel (libkrunfw), running on Hypervisor.framework for macOS or KVM for Linux. Default allocation provides 4 vCPUs and 8 GiB RAM with elastic memory management via virtio balloon.

Hardware Isolation Provides Stronger Security Than Container Sandboxing

Unlike container-based isolation, smolvm provides real hardware isolation with a dedicated kernel per workload. This architecture enables:

Secure sandboxing of untrusted code with hypervisor-enforced boundaries
SSH agent forwarding without exposing private keys to guest environments
Network disabled by default with opt-in --net flag and egress control through allowlists
Protection against kernel-level exploits that could escape container isolation

The stronger isolation model makes smolvm particularly suitable for running AI agent code or third-party scripts where security is paramount.

Single-File Artifacts Run Anywhere With Zero Dependencies

smolvm packages complete virtual machines as single-file .smolmachine artifacts that run on any matching architecture without requiring additional dependencies. Supported platforms include:

macOS Apple Silicon
macOS Intel
Linux x86_64
Linux aarch64

This portability eliminates environment setup complexity and enables developers to distribute pre-configured development environments or sandboxed applications as standalone executables.

Persistent Development Environments Use TOML-Based Configuration

Developers can create persistent machines using Smolfiles, TOML-based configuration files that define environment specifications. This approach supports:

Pre-baked dependency management with self-contained binaries
Reproducible development environments across teams
Version-controlled VM configurations
Quick spinup of consistent testing environments

The project has gained 861+ GitHub stars and includes 7 contributors. Released under the Apache-2.0 license, smolvm represents a significant advancement in portable virtualization for development and sandboxing use cases.

Key Takeaways

smolvm achieves sub-200ms cold start times, significantly faster than QEMU (15-30s) and approaching Firecracker performance (<125ms)
The tool provides hardware isolation with dedicated kernels per workload, offering stronger security than container-based sandboxing
Single-file .smolmachine artifacts run with zero dependencies across macOS (Apple Silicon/Intel) and Linux (x86_64/aarch64)
The project gained 211 Hacker News points and 861+ GitHub stars since launching April 17, 2026
Backed by Y Combinator and released under Apache-2.0 license with TOML-based Smolfile configuration for persistent environments

Performance Rivals Firecracker While Maintaining Portability

Hardware Isolation Provides Stronger Security Than Container Sandboxing

Unlike container-based isolation, smolvm provides real hardware isolation with a dedicated kernel per workload. This architecture enables:

Secure sandboxing of untrusted code with hypervisor-enforced boundaries

SSH agent forwarding without exposing private keys to guest environments

Network disabled by default with opt-in --net flag and egress control through allowlists

Protection against kernel-level exploits that could escape container isolation

The stronger isolation model makes smolvm particularly suitable for running AI agent code or third-party scripts where security is paramount.

Single-File Artifacts Run Anywhere With Zero Dependencies

smolvm packages complete virtual machines as single-file .smolmachine artifacts that run on any matching architecture without requiring additional dependencies. Supported platforms include:

macOS Apple Silicon

macOS Intel

Linux x86_64

Linux aarch64

This portability eliminates environment setup complexity and enables developers to distribute pre-configured development environments or sandboxed applications as standalone executables.

Persistent Development Environments Use TOML-Based Configuration

Developers can create persistent machines using Smolfiles, TOML-based configuration files that define environment specifications. This approach supports:

Pre-baked dependency management with self-contained binaries

Reproducible development environments across teams

Version-controlled VM configurations

Quick spinup of consistent testing environments

Key Takeaways

smolvm achieves sub-200ms cold start times, significantly faster than QEMU (15-30s) and approaching Firecracker performance (<125ms)

The tool provides hardware isolation with dedicated kernels per workload, offering stronger security than container-based sandboxing

Single-file .smolmachine artifacts run with zero dependencies across macOS (Apple Silicon/Intel) and Linux (x86_64/aarch64)

The project gained 211 Hacker News points and 861+ GitHub stars since launching April 17, 2026

Backed by Y Combinator and released under Apache-2.0 license with TOML-based Smolfile configuration for persistent environments