LinuxCommandLibrary
GitHubF-DroidGoogle Play Store

smolvm

Build and run lightweight, portable virtual machines

TLDR

Run a command in an ephemeral VM
$ smolvm machine run [command]
copy
Start an interactive shell in an ephemeral VM
$ smolvm machine run -it
copy
Create a persistent virtual machine
$ smolvm machine create [name]
copy
Create a VM with networking enabled
$ smolvm machine create [name] --net
copy
Execute a command in an existing VM
$ smolvm machine exec [name] [command]
copy
Start a stopped VM
$ smolvm machine start [name]
copy
Stop a running VM
$ smolvm machine stop [name]
copy
Pack a VM into a portable executable
$ smolvm pack create [name] -o [output]
copy

SYNOPSIS

smolvm \<command\> [options]

DESCRIPTION

smolvm is a CLI tool for building and running portable, lightweight, self-contained virtual machines with sub-second cold starts and elastic memory usage. Each workload gets real hardware isolation — its own kernel running on Hypervisor.framework (macOS) or KVM (Linux).VMs can be packed into single .smolmachine files that rehydrate on any supported platform. All dependencies are pre-baked with no install step or runtime downloads required, booting in under 200ms. Memory is elastic via virtio balloon — the host only commits what the guest actually uses and reclaims the rest automatically.Network access is opt-in and disabled by default, providing a strong security boundary for sandboxing untrusted code. Host filesystem, network, and credentials are separated by a hypervisor boundary.

PARAMETERS

machine run [command]

Execute a command in an ephemeral VM that is cleaned up after exit
machine run -it
Start an interactive shell in an ephemeral VM
machine create name [--net] [--image image] [--cpus n] [--mem size]
Create a persistent virtual machine
machine start name
Boot a stopped VM
machine stop name
Halt a running VM
machine exec name command
Run a command in an existing VM
pack create name [-o path] [-s smolfile]
Bundle a workload into a portable, self-contained executable
--net
Enable network access (disabled by default; TCP/UDP only, no ICMP)
--image image
Specify the base Linux image
--cpus n
Override vCPU count (default: 4)
--mem size
Override RAM allocation (default: 8 GiB)
--ssh-agent
Forward host SSH keys into the VM
--allow-host domain
Restrict egress to specific domains
-o path
Output path for packed binaries
-s smolfile
Use a Smolfile configuration

CAVEATS

Network is opt-in only with support for TCP/UDP; ICMP is not supported. Volume mounts support directories only, not individual files. On macOS, binaries must be signed with Hypervisor.framework entitlements. On Linux, KVM access is required. The tool is written in Rust and currently supports macOS (Apple Silicon and Intel) and Linux (x86_64 and aarch64).

HISTORY

smolvm was created by Smol Machines and written in Rust. It was developed to provide developers with fast, isolated virtual machine environments that prioritize security by default, enabling safe execution of untrusted code and reproducible build environments without the overhead of traditional virtualization.

SEE ALSO

qemu(1), docker(1), podman(1), firecracker(1)

Copied to clipboard
Kai