Not interested in using it, but the licensing here is going to be the real killer blow here. Word to the wise: the market of people who want to use your tool and pay for it is smaller than you think. It's the same mindset that kills most of these projects, thinking that the "average users" are going to represent a considerable portion of your income. It won't. Focus on milking enterprise users who want to pay hand over fist for stuff like this, but don't keep it closed source and slap your "patent pending" line on top. You're selling zero-marginal-utility here, and it's not super hard to see.

The site seems light on details. As a security guy, I'm particularly interested in (and a skeptic of) claims of "de-privileging" a Linux kernel. Firecracker[1] micro VMs are very fast, "feel" like containers, and don't depend on modifying the guest OS for security. Plus they're FOSS. This is what I'd measure Kwarantine against; you need to be in the ballpark on all these characteristics and knock it out of the park on manageability to interest me.

[1] https://github.com/firecracker-microvm/firecracker

>Patent pending.

I don't think there's much of a market for a new closed-source, patent-encumbered hypervisor for Linux...

And, perhaps obviously, I personally would never use such a thing.

I think people would take this more seriously and engage with it more deeply if you posted the technology white paper, rather than asking for people to sign up for it. There are I'm sure details I'm missing, but Firecracker startup (for instance) is very fast; so, for that matter, is vanilla gvisor.

Hello HN! We've been working on a new hypervisor https://kwarantine.xyz that can run strongly isolated containers. This is still a WIP, but we wanted to give the community an idea about our approach, its benefits, and various use cases it unlocks. Today, VMs are used to host containers, and make up for the lack of strong security as well as kernel isolation in containers. This work adds this missing security piece in containers. We plan on launching a free private beta soon. Meanwhile, we'd deeply appreciate any feedback, and happy to answer any questions here or on our slack channel. Thanks!

I can see this being useful for something I'm doing with shared infrastructure. What are your timelines like for a stable version?

There was a question (now deleted) on difference between this and Firecracker. FC/gVisor/Kata use VMs to sandbox containers. However, VMs incur high runtime overhead (not to be confused with fast booting) and need to be provisioned. We use hardware virtualization to directly run system/app containers -- no I/O emulation, no expensive VM exits, scale as needed.

undefined