Shared rootfs contract parsing, reference profile assets, and build helpers.
Bundled static mke2fs (e2fsprogs) for arm64 linux. Lets @machinen/runtime materialize ext4 rootfs images without a host install.
minimalist rootfs building utilities (for initramfs and such)
Bundled mke2fs (e2fsprogs) for arm64 darwin. Lets @machinen/runtime materialize ext4 rootfs images without a host install.
Tool to compare yocto root fs to see what grows a binary diff
Binary plugins to supercharge @cdxgen/cdxgen npm package
Generate a bootable NodeOS disk image
A TypeScript-first Node.js library for spawning libkrun-backed microVMs.
Shared browser-safe Aleph deployment and polling helpers.
- enable offline instalation of packages - keep old version of archlinux and archlinuxarm packages - sync metadata via ssb - allow peer-to-peer installations - enable reproducable rootfs builds - mimic a local mirror server that pacman can use - create c
Snyk CLI docker plugin
Floating Aleph sponsor relay UI components for Svelte and React.
Airalogy protocol execute sandbox
The TypeScript API behind machinen. Reach for this when you want to drive microVMs from your own Node.js code instead of through the CLI.
fs-like NodeJS library that allows setting a root file path.
Scalable Linux emulator with included SSH/SFTP server, virtual filesystem and typed programmatic API for testing, automation, and interactive shell scripting in TypeScript/JavaScript.
Firecracker microVM control plane for isolated OpenClaw instances
Lightweight VM sandboxes for Node.js — run AI agents and untrusted code with hardware-level isolation.
oomol virtual machine
Local-first runner for GitHub Actions workflows. Same YAML, fast.
Sandbox (virtual Ubuntu + XFCE desktop) plugin for @openmono/core — manages local or remote Docker-based sandbox peers that join the mesh as first-class nodes and expose the computer_* tool surface.
Isolated Docker sandbox + git branch isolation
Firecracker microVM sandbox toolkit
Machinen VMM binary for arm64 darwin (HVF backend).
Extremely lightweight Docker alternative for agents and production services — isolated execution using cgroups, namespaces, seccomp, Landlock, and gVisor
Install or release a package in the rootfs, including extra files or directories
Linux distribution rootfs extraction, caching, and lifecycle management
`monocore` is a secure MicroVM provisioning system for running untrusted code in isolated environments.
A minimal, safe, synchronous OverlayFS implementation using FUSE.
Boot asset manifest types, asset manager, and CLI tools for ArcBox VM runtime
Firecracker-based sandbox VMM — orchestration, state, networking, and checkpoints.
Firecracker microVM backend for CellOS — jailer integration, warm pool with snapshot/restore, KVM nested-virtualisation aware.
Sandboxed bash execution environment using WebAssembly
OCI/Docker image rootfs provider for vmette
Tarball-over-HTTP/file rootfs provider for vmette
The default rootfs-provider registry for vmette (dir + squashfs + tar + OCI, in resolution order)
Build workflow for rootfs images, Ubuntu openSUSE and more
# ruby unshare (runshare) This tool allows to unshare Linux namespaces. The implementation is similar to the unshare(1) tool. ## Installation Add this line to your application's Gemfile: ```ruby gem 'runshare' ``` And then execute: $ bundle Or install it yourself as: $ gem install runshare ## Usage > require "runshare" > RUnshare::unshare For example: cat > test.rb require "runshare" pid = RUnshare::unshare( :clone_newpid => true, :clone_newns => true, :clone_newcgroup => true, :clone_newipc => true, :clone_newuts => true, :clone_newnet => true, :clone_newtime => true, :fork => true, :mount_proc => "/proc", # docker export $(docker create hello-world) | tar -xf - -C rootfs :root => "/tmp/rootfs" ) if pid == 0 # child puts "--- #{Process.pid}" if system("/hello") != true raise "bad" end puts "--- done" else # parent puts "-- unshare=#{pid}, pid=#{Process.pid}" puts "-- exit=#{Process.waitpid(pid)}" end ^D sudo ruby -I ./lib ./test.rb ## Quick start $ rake compile && echo 'require "runshare"; RUnshare::unshare(:clone_newuts => true)' | irb install -c tmp/x86_64-linux/runshare/2.4.10/runshare.so lib/runshare/runshare.so cp tmp/x86_64-linux/runshare/2.4.10/runshare.so tmp/x86_64-linux/stage/lib/runshare/runshare.so Switch to inspect mode. require "runshare"; RUnshare::unshare ## Ruby <2.5 If your app is single threaded and you are observing: eval:1: warning: pthread_create failed for timer: Invalid argument, scheduling broken Just ignore it with some degree of bravity. You also can silence it by setting: $VERBOSE = nil ## Development After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). ## Contributing Bug reports and pull requests are welcome on GitHub at https://github.com/sitano/runshare. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. ## License The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).