Clone is a lightweight Linux VMM built on KVM. It spawns VMs from memory snapshots using Shadow Clone page mapping. Army is the orchestrator. This is the infrastructure behind Unix Shells.
A micro-VMM written in Rust. Boots Linux from a memory snapshot in under 20ms. The snapshot contains the full kernel state, userspace, and any tools you've pre-loaded. Shadow Clone means forked VMs share read-only memory pages with the template. Only pages that change consume memory. 1,000 VMs can share the memory footprint of 50.
Hardware-enforced VM boundary. Own kernel, own filesystem, own network stack.
Fork a running VM. The clone shares memory pages with the parent. Only dirty pages cost memory.
Block, net (vhost-net), vsock, balloon, virtio-fs. Full device model for real workloads.
No BIOS, no bootloader. Restore a memory snapshot directly into KVM. The kernel is already running.
Bare metal. Intel Xeon E-2386G, 32GB DDR4, Ubuntu 24.04, kernel 6.8.
| Clone | Firecracker | Cloud Hypervisor | QEMU | |
|---|---|---|---|---|
| Code size | 25K Rust | ~50K+ Rust | ~50K+ Rust | ~1.9M C |
| Fork from snapshot | <20ms | 5-10ms (restore) | stop+resume | stop+resume |
| Memory sharing | Shadow Clone (explicit page-level) | Implicit (MAP_PRIVATE) | None | None |
| 10x 512MB idle VMs | ~200MB total | Shared via page cache | ~5GB | ~5GB |
| Incremental snapshot | 192KB (dirty pages only) | Full only | Full only | Full + incremental |
| GPU passthrough | Yes (VFIO) | No | Yes (VFIO) | Yes |
| Live migration | 1ms downtime | None | Supported | 50-300ms |
The orchestrator. REST API for managing VMs across multiple hosts. Template management, scheduling, live VM exec, health monitoring. Written in Go. BSL 1.1 licensed (converts to Apache 2.0 after 4 years). Source on GitHub.
Distribute VMs across bare metal hosts. Resource-aware placement. Host health monitoring.
Register snapshots as templates. Fork VMs from templates. All pre-loaded tools are warm in memory.
Create, destroy, exec, balloon, list. JSON API. SQLite state. Single binary.
Run commands inside VMs via vsock. No SSH required. Stdout/stderr returned in the API response.
Pre-load a template with your team's tools. Fork on login. Each developer gets an isolated VM in milliseconds.
Fork a clean VM per build. Full isolation. No container escape risk. Tear down after the run.
Run untrusted code in a real VM with a hardware-enforced boundary between guest and host.
Load a model once into a template VM with GPU passthrough. Fork it for each request. Shadow Clone shares the model weights across all instances in host memory, so you can run many more concurrent inferences per GPU. Only per-request state costs memory. Saturate your GPU faster with less hardware.
Cold start measured in milliseconds. Fork from a warm snapshot. Full Linux, full syscall surface.
Give each student a full Linux machine. Pre-install the course tools in a template. Fork on login. Destroy on logout.
BSL 1.1. Converts to Apache 2.0 after 4 years. Free to use, source available.
Commercial license. Contact us for pricing. Includes source access and support.
We run it for you. The infrastructure behind unix shells.