Clone is a KVM-based VMM in Rust. Boot a template VM once, then fork copies that share memory via CoW. Forks take under 20ms. 100 forks use memory like 10. Single binary, ~25K lines.
Containers share a kernel. That's fine for your own workloads — not fine for running untrusted users side by side. Container escapes are routine in 2026. Kernel CVEs ship monthly.
VMs fix the isolation story. KVM gives you a hardware-enforced boundary. But traditional VMs are slow to boot and each one consumes its own memory. Running 100 VMs the way you'd run 100 shell users is prohibitively expensive — until now.
Clone's answer is Shadow Clone: boot a template VM once with everything warm, snapshot it, then fork copies in under 20ms. Every fork shares the same physical memory pages until it writes — only dirty pages cost memory. You get the resource profile of shared hosting with the full security of KVM.
Three layers of memory management work together to keep density high and idle cost near zero.
Copy-on-write
Forks inherit the template's memory via CoW page mapping. Reads hit the same physical page; writes allocate a private copy. 100 forks of an 8GB template cost ~1-2GB if workloads stay quiet.
MADV_MERGEABLE
Identical pages across forks get merged by the kernel's same-page merger. Catches pages that diverge then re-converge — standard library code, zeroed buffers, idle runtimes.
virtio-balloon
Guest kernels inflate the balloon during idle, returning pages to the host. When the VM gets busy again, the balloon deflates. Idle VMs cost almost nothing.
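The three layers above can be reproduced on a plain anonymous mapping in an ordinary Linux process, without KVM. The following is an added example written for this page, not Clone's code: a fork whose child dirties one page while the parent keeps reading the original frame (copy-on-write), a MADV_MERGEABLE registration with the kernel's same-page merger, and a MADV_DONTNEED release standing in for what the host does when the guest balloon inflates. The names (Template, fork_and_dirty, mark_mergeable, release_page) are the example's own, and the assumption that Clone's balloon host side discards pages with MADV_DONTNEED is an assumption about Clone (it is what Firecracker's balloon does).

```rust
// Added example, not Clone's code: the page's three host-side memory layers
// (CoW fork, MADV_MERGEABLE, balloon-style release) on a plain anonymous
// mapping, using raw Linux syscalls. Linux only; no KVM involved.
use std::io;
use std::os::raw::{c_int, c_void};

unsafe extern "C" {
    fn mmap(addr: *mut c_void, len: usize, prot: c_int, flags: c_int, fd: c_int, off: i64) -> *mut c_void;
    fn munmap(addr: *mut c_void, len: usize) -> c_int;
    fn madvise(addr: *mut c_void, len: usize, advice: c_int) -> c_int;
    fn fork() -> c_int;
    fn waitpid(pid: c_int, status: *mut c_int, options: c_int) -> c_int;
    fn _exit(code: c_int) -> !;
    fn sysconf(name: c_int) -> i64;
}

// Linux constants (asm-generic values; identical on x86_64 and aarch64).
const PROT_READ: c_int = 0x1;
const PROT_WRITE: c_int = 0x2;
const MAP_PRIVATE: c_int = 0x02;
const MAP_ANONYMOUS: c_int = 0x20;
const MADV_DONTNEED: c_int = 4;
const MADV_MERGEABLE: c_int = 12;
const SC_PAGESIZE: c_int = 30;
const EINVAL: i32 = 22;

/// Stand-in for the template VM's memory: a private anonymous mapping of
/// `pages` pages, page i pre-filled with byte i+1 so divergence is visible.
pub struct Template { base: *mut u8, page: usize, pages: usize }

impl Template {
    pub fn new(pages: usize) -> io::Result<Template> {
        let page = unsafe { sysconf(SC_PAGESIZE) } as usize;
        let len = page * pages;
        let p = unsafe { mmap(std::ptr::null_mut(), len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) };
        if p as isize == -1 { return Err(io::Error::last_os_error()); }
        let base = p as *mut u8;
        for i in 0..pages {
            // Touching every page gives it a real frame, like a warm guest.
            unsafe { std::ptr::write_bytes(base.add(i * page), (i + 1) as u8, page) };
        }
        Ok(Template { base, page, pages })
    }

    /// First byte of page `i` as this (template) process sees it.
    pub fn page_byte(&self, i: usize) -> u8 {
        assert!(i < self.pages);
        unsafe { *self.base.add(i * self.page) }
    }

    /// Layer 1, copy-on-write: fork a "clone", let it overwrite page `i`, and
    /// return what the template still sees. The child's write faults in a
    /// private copy; the frame the parent reads is untouched.
    pub fn fork_and_dirty(&self, i: usize) -> io::Result<u8> {
        assert!(i < self.pages);
        let pid = unsafe { fork() };
        if pid < 0 { return Err(io::Error::last_os_error()); }
        if pid == 0 {
            // Child: dirty one page, then leave without running destructors.
            unsafe {
                std::ptr::write_bytes(self.base.add(i * self.page), 0xFF, self.page);
                _exit(0);
            }
        }
        let mut status: c_int = 0;
        if unsafe { waitpid(pid, &mut status, 0) } != pid { return Err(io::Error::last_os_error()); }
        Ok(self.page_byte(i))
    }

    /// Layer 2, MADV_MERGEABLE: opt the range into the kernel same-page merger.
    /// Ok(true) = registered; Ok(false) = kernel built without KSM (EINVAL).
    pub fn mark_mergeable(&self) -> io::Result<bool> {
        if unsafe { madvise(self.base as *mut c_void, self.page * self.pages, MADV_MERGEABLE) } == 0 {
            return Ok(true);
        }
        let err = io::Error::last_os_error();
        match err.raw_os_error() { Some(EINVAL) => Ok(false), _ => Err(err) }
    }

    /// Layer 3, balloon-style release: the host gives a page the guest balloon
    /// reported back to the kernel with MADV_DONTNEED (assumed for Clone; this
    /// is what Firecracker's balloon does). The frame is freed and the next
    /// read faults in a fresh zero page, so the returned byte is 0.
    pub fn release_page(&self, i: usize) -> io::Result<u8> {
        assert!(i < self.pages);
        let addr = unsafe { self.base.add(i * self.page) } as *mut c_void;
        if unsafe { madvise(addr, self.page, MADV_DONTNEED) } != 0 { return Err(io::Error::last_os_error()); }
        Ok(self.page_byte(i))
    }
}

impl Drop for Template {
    fn drop(&mut self) { unsafe { munmap(self.base as *mut c_void, self.page * self.pages) }; }
}

fn main() -> io::Result<()> {
    let t = Template::new(4)?;
    println!("page 1 before fork: {}", t.page_byte(1));
    println!("page 1 after a clone dirtied it: {}", t.fork_and_dirty(1)?);
    println!("KSM registration accepted: {}", t.mark_mergeable()?);
    println!("page 2 after balloon-style release: {}", t.release_page(2)?);
    Ok(())
}
```

The parent reading 2 from page 1 after the child wrote 0xFF over it is the whole CoW story in one line: the write cost the child one private page and cost the template nothing. The same property is what makes a dirty page the only unit of memory a fork ever pays for.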
Requires a Linux host with KVM enabled. Build from source.
Built on rust-vmm crates (kvm-ioctls, vm-memory, linux-loader, virtio-queue). Rust unsafe code is confined to the KVM ioctls and guest memory mapping.
Storage
Raw and qcow2 disk images. Thin provisioning. Backing file chains. Ephemeral overlay support for fork workloads.
Networking
TAP-backed networking with per-fork IP assignment. DHCP-compatible. Full TCP/UDP, no userspace stack quirks.
Host sharing
Expose host directories to guests with full POSIX semantics. Read-write, per-mount isolation. No 9p quirks.
Passthrough
PCIe device passthrough: NVMe drives, network cards, GPUs. Legacy INTx interrupts work; MSI-X routing is stubbed.
Live migration
Move running VMs between hosts. Iterative dirty-page copy until the working set converges, then a brief stop-and-copy.
Security
Hardware-enforced guest isolation. Host-side seccomp filters restrict the VMM to KVM, memory, and I/O syscalls.
Firecracker is the closest cousin — minimal, fast, designed for multi-tenancy. But Firecracker has no fork / CoW path. For workloads where many VMs share most of their working set, Clone pays off.
We don't hide the limits.
We run Unix Shells — managed Linux VMs that users SSH into. Every user gets a full VM, not a container. We needed VM-level isolation without VM-level cost.
Existing VMMs didn't fit. Firecracker is the benchmark for minimal multi-tenant VMMs, but it has no memory-sharing story — every fork would pay for its own 8GB. Cloud Hypervisor and QEMU do more, but neither has the fork / CoW path we needed for shell-density workloads.
So we built Clone. ~25K lines of Rust, one binary. The design is deliberately small: KVM, the minimum virtio set, CoW fork, balloon reclaim. Nothing we don't use. It runs our production shell hosting today.
MIT licensed. Use it for anything — shells, FaaS, dev environments, CI runners, any workload where you want VM isolation at container density.