| ZeroVM | |
|---|---|
| Original authors | Camuel Gilyadov, Constantine Peresypkin & Dmitri Bortok |
| Developer | LiteStack, which was acquired by Rackspace |
| Stable release | |
| Written in | C, assembly |
| Operating system | Linux |
| Platform | x86-64 |
| Type | Application virtualization |
| License | Apache License 2.0 |
| Website | zerovm |
| Repository | |
ZeroVM is an open source lightweight virtualization and sandboxing technology. It virtualizes a single process using the Google Native Client platform. Since only a single process is virtualized (instead of a full operating system), the startup overhead is on the order of 5 ms.[2]
ZeroVM creates a sandbox around a single process,[3] using technology based on Google Native Client (NaCl). The sandbox ensures that the application executed cannot access data in the host operating system, so it is safe to execute untrusted code. The programs executed in ZeroVM must first be cross-compiled to the NaCl platform. ZeroVM can only execute NaCl code compiled for the x86-64 platform, not the portable Native Client (PNaCl) format.
Code executed in ZeroVM cannot call normal system calls and initially cannot interact with the host environment. All communication with the outside world takes place over channels, which must be declared before the program starts. Outside the sandbox, a channel can be connected to a local file, to a pipe, or to another ZeroVM instance.[4] Inside the sandbox, the program sees the channel as a file descriptor. The sandboxed program can read/write data from/to the channel, but does not know where the channel is connected in the host.
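The channel model above can be illustrated on plain Linux; this is an added example, not ZeroVM or NaCl code. It assumes two pipes as the pre-declared channels and a seccomp-BPF filter in place of NaCl's restrictions (a production filter would also check the architecture field), and the names `lock_down`, `guest` and `run_guest` are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow read, write, exit_group; any other call kills the guest (SIGSYS). */
static int lock_down(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_read, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW) };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
           prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Guest: upper-cases one message; it holds two descriptors and nothing else. */
static void guest(int in, int out, int misbehave) {
    char buf[256];
    if (lock_down()) _exit(2);
    if (misbehave) (void)open("/etc/hostname", O_RDONLY); /* undeclared access */
    ssize_t n = read(in, buf, sizeof buf);
    for (ssize_t i = 0; i < n; i++) if (buf[i] >= 'a' && buf[i] <= 'z') buf[i] -= 32;
    _exit(n < 0 || write(out, buf, (size_t)n) != n);
}
/* Host: connect both channels before the guest runs; returns its wait status. */
int run_guest(const char *input, char *out, size_t cap, int misbehave) {
    int in_ch[2], out_ch[2], status = -1;
    if (pipe(in_ch) || pipe(out_ch)) return -1;
    if (write(in_ch[1], input, strlen(input)) < 0) return -1; /* short input */
    close(in_ch[1]);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(out_ch[0]); guest(in_ch[0], out_ch[1], misbehave); }
    close(in_ch[0]); close(out_ch[1]);
    ssize_t n = read(out_ch[0], out, cap - 1); /* one message, or EOF if killed */
    out[n > 0 ? n : 0] = '\0';
    close(out_ch[0]);
    waitpid(pid, &status, 0);
    return status;
}
```

A guest that stays on its channels exits normally with its output delivered to the host; one that attempts the undeclared `open` is terminated by `SIGSYS` before it produces any output.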
Programs compiled for ZeroVM can optionally use the ZeroVM Runtime library called ZRT. This library aims to provide the program with a POSIX environment.[5] It does this by replacing parts of the C standard library. In particular, ZRT replaces C file input/output functions such as fopen and opendir with versions that operate on an in-memory filesystem. The root filesystem is provided as a tarball. This allows a program to "see" a normal Unix environment.
The ZRT also replaces C date and time functions such as time to give programs a fixed and deterministic environment. With fixed inputs, every execution is guaranteed to give the same result. Even non-functional programs become deterministic in this restricted environment.[6] This makes programs easier to debug since their behavior is fixed.
ZeroVM has been integrated with Swift, the distributed object storage component of OpenStack.[7] When the ZeroCloud middleware is installed into Swift, a client can make a request to Swift containing a ZeroVM program. The program is then executed directly on the storage nodes. This means that the program has direct access to the data.
ZeroVM was developed by LiteStack, an Israeli startup. The first commit in the zerovm Git repository was added in November 2011.[8] LiteStack was bought by Rackspace in October 2013.[2][9][10] ZeroVM participated in the Techstars Cloud 2013 incubator program and got $500,000 in seed funding.[11][12] The first ZeroVM Design Summit was held in January 2014 at the University of Texas at San Antonio.[13]