Nanvix is a sandboxing technology for running untrusted applications in a hardware-isolated environment with minimal overhead.
Note: This repository contains the implementation of the sandbox. If you are looking to use Nanvix, refer to nanvix-python, a Python distribution of Nanvix.
Nanvix features a unique co-designed architecture that combines two key innovations:
-
A purpose-built Micro-VM that provides hardware-enforced isolation with minimal overhead. This Micro-VM is designed to be as lightweight as possible, exposing only a virtual processor and memory to the guest and stripping away all device emulation and other features that add latency.
-
A multikernel OS that enables flexible system component placement and sharing. This design splits the OS across two kernels: a guest-side Microkernel that runs inside the Micro-VM and provides essential OS features; and a host-side Macro-Kernel that runs on the host platform and provides network and storage software switches. System components run as special processes on top of either kernel, depending on the deployment configuration.
Read more about this architecture in our paper: Nanvix: A Multikernel OS Design for High-Density Serverless Deployments.
┌─────────────────────────────────────┐
│ Micro-VM │ Microkernel on Micro-VM runs:
│ Microkernel │ • The untrusted application.
│ │ • Essential system services (scheduler, etc.).
│ ┌─────────────┐ ┌──────────────┐ │ • Optional in-guest components (e.g. filesystem).
│ │ Application │ │ Filesystem │ │
│ └─────────────┘ └──────────────┘ │
└──────────────────┬──────────────────┘
│ selected I/O
│ (e.g. network)
▼
┌─────────────────────────────────────┐
│ Macro-Kernel │ Macro-Kernel on host platform runs:
│ (host OS) │ • Network software switch.
│ │ • Storage software switch.
│ ┌──────────────┐ │ • Host-side system components (e.g. network stack).
│ │ Network │ │
│ └──────────────┘ │
└─────────────────────────────────────┘
- Lightweight Virtual Machine: Hardware isolation with minimal overhead — no device emulation, just a virtual processor and memory.
- Custom Guest Microkernel: A thin kernel exposing a rich feature set and POSIX API to support a wide range of applications (see our software catalog).
- Flexible Placement of System Components: Components like filesystem and networking stack can run either on the guest-side or the host-side.
- Cross-Platform Support: Runs on both Linux and Windows hosts.
- Fast Startup Times: Application startup in the double-digit millisecond range, suitable for serverless and agentic workloads.
- Low Memory Footprint: Tens of megabytes of memory consumption per Micro-VM, friendly to resource-constrained environments and high-density deployments.
| Feature | Nanvix | Unikraft | Firecracker | gVisor | Docker | WebAssembly |
|---|---|---|---|---|---|---|
| Flexible Component Placement | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Multiple Guest Processes | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ |
| Hardware Isolation | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ |
| Startup Time | ~30ms | ~320ms | ~70ms | ~160ms | ~1s | ~1ms |
| Memory Footprint | ~10MB | ~10MB | 10–100MB | 10–50MB | ~100MB | ~1MB |
| Deployment Density | ~10k | ~1k | ~1k | ~1k | ~100 | ~10k |
| Full Linux Compatibility | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ |
Startup time is the p50 latency to serve the first HTTP echo request; memory footprint is the per-instance contribution to host memory for the same workload, measured via
MemAvailablein/proc/meminfo. Nanvix and Firecracker use snapshot-restore (the production serverless configuration); Unikraft and gVisor use cold start (no production snapshot path available). Ranges span cold boot and snapshot-restore variants where applicable. Docker and WebAssembly are approximate community values. See arXiv:2604.11669 for more on the methodology.
- Linux Compatibility: Nanvix provides a POSIX API with 150+ system calls, but it is not fully compatible with all Linux applications and may require some modifications to run certain applications.
- Growing Software Ecosystem: The catalog of ready-to-run applications is growing, so bringing up new workloads typically requires porting and cross-compiling them against the Nanvix toolchain. See the catalog for a list of applications that have already been ported.
Requires Ubuntu 24.04 with sudo privileges and KVM enabled.
# Run on Bash.
# Clone this source code.
git clone https://github.com/nanvix/nanvix.git && cd nanvix
# Setup the development environment.
./z setup
# Build Nanvix.
./z build -- all
# Run an example application.
./bin/nanvixd.elf -console-file /dev/stdout -- ./bin/hello-rust-nostd.elfRequires Windows 11 with GNU Make on PATH, Windows Hypervisor Platform enabled, Developer Mode turned on, and a Rust toolchain installed via rustup.
# Run on PowerShell.
# Clone this source code (symlinks require Developer Mode).
git clone -c core.symlinks=true https://github.com/nanvix/nanvix.git; cd nanvix
# Setup the development environment.
.\z.ps1 setup
# Build Nanvix.
.\z.ps1 build -- all
# Run an example application.
.\bin\uservm.exe -kernel .\bin\kernel.elf -initrd .\bin\hello-rust-nostd.elf -standaloneFor more details, see the full setup, build, and run guides.
- doc/setup.md - Instructions for setting up your development environment.
- doc/build.md - Instructions for building Nanvix.
- doc/run.md - Instructions for running Nanvix.
- doc/test.md - Instructions for testing Nanvix.
- doc/benchmark.md - Instructions for benchmarking Nanvix.
This project is a prototype. As such, we provide no guarantees that it will work and you are assuming any risks with using the code. We welcome comments and feedback. Please send any questions or comments to any of the following maintainers of the project:
By sending feedback, you are consenting that it may be used in the further development of this project.
This project is distributed under the MIT License.