KVM and Firecracker push
Security engineers are debating isolation models, and some experts are advocating KVM/Firecracker for stronger kernel isolation instead of relying on seccomp-style sandboxes; the thread frames this as a practical choice for heavy multi-tenant workloads (x.com).
The debate in the thread centers on io_uring's ability to sidestep traditional syscall entry points, a practical blind spot that security engineers say weakens seccomp-style sandboxes (lwn.net). Seccomp remains a per-process syscall filter, but reviewers and kernel coverage pieces note that enabling io_uring can let I/O operations bypass seccomp checks, which has prompted platforms such as Docker Desktop to restrict io_uring for security reasons (lwn.net).

Firecracker was open-sourced by AWS in November 2018 and already powers AWS Lambda and Fargate; AWS documents microVM launch times as low as 125 ms and per-microVM memory overhead of around 5 MiB (aws.amazon.com). Firecracker itself applies seccomp filters as defense in depth on a per-thread basis inside the VMM, yet independent research (an arXiv study) has warned that Firecracker's architecture still faces microarchitectural attack vectors that hardware isolation alone does not automatically eliminate (github.com).

The operational tradeoffs are concrete: Firecracker requires host KVM support (the presence of /dev/kvm), and cloud vendors recommend combining it with cgroups, namespaces and a jailer to achieve strong tenant separation on shared hosts (blogs.oracle.com). Adoption momentum is also producing practical engineering workarounds: teams use Firecracker snapshot/restore to reach sub-100 ms sandbox startups (one implementation reported restores of about 28 ms), and projects pair microVMs with Kubernetes/Kata patterns to scale multi-tenant workloads (dev.to).
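A defender-side check for the io_uring blind spot described above, added here as an example and not taken from the cited sources or from Docker or Firecracker: it audits a Docker/OCI-style seccomp profile (the "defaultAction"/"syscalls" JSON format) and reports which io_uring syscalls remain reachable, using constructed weak and hardened sample profiles.

```python
"""Audit a Docker/OCI-style seccomp profile for io_uring exposure.

Constructed example for this digest, not code from Docker, Firecracker or the
cited sources. Profile shape: {"defaultAction": ..., "syscalls": [{"names":
[...], "action": ..., optional "args"}]}.
"""
import json

IO_URING_SYSCALLS = ("io_uring_setup", "io_uring_enter", "io_uring_register")
PERMITS = ("SCMP_ACT_ALLOW", "SCMP_ACT_LOG")  # LOG records the call but still lets it run
_RANK = {"blocked": 0, "conditional": 1, "allowed": 2}  # most permissive verdict wins


def io_uring_exposure(profile: dict) -> dict:
    """Map each io_uring syscall to "allowed", "blocked" or "conditional".

    Simplification: a rule with "args" counts as conditional, and when several
    rules name one syscall the most permissive verdict is kept (auditor's view).
    """
    default = "allowed" if profile.get("defaultAction") in PERMITS else "blocked"
    verdicts = {}
    for sc in IO_URING_SYSCALLS:
        hits = []
        for rule in profile.get("syscalls", []):
            # Newer profiles use "names"; older single-syscall rules use "name".
            names = rule.get("names") or ([rule["name"]] if "name" in rule else [])
            if sc not in names:
                continue
            if rule.get("args"):
                hits.append("conditional")
            else:
                hits.append("allowed" if rule.get("action") in PERMITS else "blocked")
        verdicts[sc] = max(hits, key=_RANK.get) if hits else default
    return verdicts


def exposed(profile_json: str) -> list:
    """Return the io_uring syscalls a profile (JSON text) leaves reachable."""
    verdicts = io_uring_exposure(json.loads(profile_json))
    return sorted(sc for sc, v in verdicts.items() if v != "blocked")


# Constructed samples. Default-allow with no io_uring rule: all three reachable.
WEAK = '{"defaultAction": "SCMP_ACT_ALLOW", "syscalls": []}'
# Same default-allow base, hardened with an explicit deny rule for io_uring.
DENYLIST = ('{"defaultAction": "SCMP_ACT_ALLOW", "syscalls": [{"names": '
            '["io_uring_setup", "io_uring_enter", "io_uring_register"], "action": "SCMP_ACT_ERRNO"}]}')
# Default-deny allowlist that simply never grants io_uring_*.
ALLOWLIST = ('{"defaultAction": "SCMP_ACT_ERRNO", "syscalls": [{"names": '
             '["read", "write", "epoll_wait", "close"], "action": "SCMP_ACT_ALLOW"}]}')
```

Calling `exposed(WEAK)` returns all three io_uring syscalls, while `exposed(DENYLIST)` and `exposed(ALLOWLIST)` return an empty list; the same function can be pointed at a real profile exported from a container runtime.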