Linux kernel developer Ahmed Samy has released an open source hypervisor project that aims to be “simple and lightweight.” Thus, he presents , an option for Linux and Windows developers to create everything from software sandboxing tools to more full-blown hypervisor applications.
In a on the Linux kernel development email list, Samy stated that KSM’s purpose “is not to run other kernels” (typically the case with hypervisors), “but more of researching (or whatever) the running kernel, some ideas would be sandboxing, debugging perhaps.”
The project’s description in the GitHub repository expands on this: “This type of virtualization [being used as an extra layer of protection for the existing running OS] is usually seen in antiviruses, or sandboxers, or even viruses.”
Another key adjective Samy used was “hackable,” meaning that KSM has a simple code base that others can expand on and augment. Samy said he was motivated to create KSM because existing hypervisors didn’t lend themselves to this—their code bases were too big and sprawling, too difficult to understand, or didn’t implement support for newer processor features.
, for instance, or . KSM is a more modest project, which is intended to be used as raw material or a component in a larger project. An enterprising experimenter with containers could, for instance, use it to create a miniature implementation of the above ideas—“just enough” to add hypervisor security to an already small-scale container project.