MicroVM

AWS’s Rust microVM (~50 KLoC) on KVM, the production substrate for AWS Lambda and Fargate. The reference for what a VMM looks like when its requirements are aggressively bounded; jailer + Rust + minimal device set as defense in depth.

The container-VM hybrid: an OCI runtime placing each container or Kubernetes pod inside a microVM (QEMU / Firecracker / cloud-hypervisor / Dragonball) running a real Linux kernel. Hardware-grade isolation with container UX; substrate for Confidential Containers.