Can the following under any circumstance be done with BHyVe?
This is basically what Google's NaCL was intended to do, but noone uses
NaCL for security reasons - so I feel this is a long shot, but I want to
ask you if BHyVe can do this.
Usecase with pseudocode:
Say that I have an audio encoding service
"my_audio_encoding_service_program.c" wherein I run third-party audio
codec libraries (as dylib or executable), and those are absolutely
untrusted so I need to sandbox them.
So therefore, I need to do something like
BHyVe_sandbox* s = BHyVe_createSandbox(100KB RAM, 2 CPU cores,void*
pointer to the audio codec binary code,int size of the same code);
and then pass in data for procedure invocation like BHyVe_call(s,
"encoder_iterate", my arguments);
and then drive its execution further with BHyVe_resumeExecution(s, max
and then pick up results somehow.
And I'd have 50 000 of these running simultaneously on one machine, but
their respective heap size is 100KB each so that's only 5GB RAM in
As I get more data to encode from the network from any of the 50 000
audio streams I'm listening to, I feed the respective audio encoder
instance with the respective data with it, reactively.
Key characteristics here are
* How light a BHyVe instance is (like, does a BHyVe instance require
allocation of any device file or FD otherwise), and
* How lightweight trampolines between OS host process and guest code
* I guess, if an OS scheduler context switch is needed for switching
between my host "my_audio_encoding_service_program.c" code and the guest
library code - can this be done like 100 000 times in a second.
email@example.com mailing list
To unsubscribe, send any mail to