Show HN: Smol machines — subsecond coldstart, portable virtual machines

April 17, 2026
aihardwareopen-sourcescience
A close-up of a classic hourglass with sand slowly passing through, set against a textured background.
Photo by Towfiqu barbhuiya on Pexels

What it is

Smol machines (smolvm) is a CLI tool for shipping and running isolated Linux virtual machines locally. It has been reported that the project can boot workloads in under 200 ms and that cold starts are sub-second — enough to feel instantaneous for many developer workflows. You get the usual dev conveniences: ephemeral runs, persistent VMs, SSH‑agent forwarding, and a Smolfile (TOML) to declare reproducible environments. Want a Python runtime as a single executable? Pack a stateful VM into a .smolmachine and rehydrate it anywhere the host architecture matches.

Why it matters

Why should you care? Because isolation by default is suddenly convenient. Containers are fast, but they share a kernel and require careful sandboxing. Smolvm aims to give each workload a full VM with hardware‑level isolation while keeping the snappy iteration speed developers crave. It’s an appealing middle ground for running untrusted code, packaging self-contained developer runtimes, or avoiding the “it works on my machine” mess without heavy VM overhead. For anyone who’s been burned by noisy neighbors, leaky secrets, or fragile toolchain installs — this promises a little relief.

How it works (and how it stacks up)

Under the hood smolvm runs a tiny VMM (libkrun) with a custom kernel (libkrunfw) on macOS’s Hypervisor.framework and Linux KVM. Memory is elastic via virtio ballooning and vCPU threads sleep when idle to reduce over-provisioning cost. The project compares itself to containers, Colima, QEMU, Firecracker and Kata — pitching per‑workload VMs with near‑instant boot times and a native macOS story. The repo claims features like network allow-listing, SSH‑agent forwarding without exposing host keys, and pack-to-binary workflows: useful, practical knobs. Of course, some of those guarantees — like exact boot times and hypervisor-enforced key safety — are reported by the project and should be validated in your environment before you stake production on them.

Sources: github.com/smol-machines, Hacker News