Smolvm made HN compare containers with microVMs again

Original: Show HN: Smol machines – subsecond coldstart, portable virtual machines

Apr 19, 2026, by Insights AI (HN)

smolvm is a CLI for shipping and running software with isolation by default. Its README says it can run custom Linux virtual machines locally with sub-second cold starts on macOS and Linux, then pack a stateful VM into a single .smolmachine file that can be rehydrated on a supported platform. That was enough for Hacker News to restart an old debate: when do containers stop being enough?

The project’s pitch is concrete. Network access is off by default, egress can be limited to specific hosts, host files and credentials sit outside the guest, and workloads run behind a hypervisor boundary. It can also consume OCI images from Docker Hub, ghcr.io, or other registries without a Docker daemon, and the README shows a Python 3.12 Alpine image being packed into a portable executable that boots in under 200ms.

In the HN thread, the creator described it as a Docker-container replacement that borrows from Firecracker without carrying all of Firecracker’s original AWS-specific shape. Commenters immediately tested the edges: signed .smolmachine files, custom image sources, WSL support, hot CPU and memory resizing, Docker-in-VM, and nested VM use cases.

The agent angle is why this felt timely. Coding agents, eval runners, package testers, and plugin sandboxes need to execute unfamiliar code quickly, but the security story around a shared kernel is uncomfortable. Traditional VMs give stronger isolation, yet they often cost too much latency and setup friction. smolvm is trying to make the VM feel closer to a container while keeping the isolation model easy to reason about.

The project is not finished. The README lists opt-in networking, directory-only volume mounts, macOS signing requirements, SSH-agent prerequisites, and GPU work still in progress. Even so, the HN reaction shows a real appetite for smaller isolation units as agent-driven development creates more reasons to run code you did not write.
