Virtualization and Cloud Infrastructure

Lima v2.0: expanding the focus to hardening AI

<p>Lima (Linux Machines) is a command-line tool for launching a local Linux virtual machine, with a primary focus on running containers on a laptop.</p>
<p>While Lima was originally created to promote containers (particularly containerd) to Mac users, it has proven useful for a variety of other use cases as well. One of the most edgy use cases is running an AI coding agent inside a VM, in order to isolate the agent from direct access to host files and commands. This setup ensures that even if an AI agent is deceived by malicious instructions retrieved from the Internet (e.g., fake package installations), any potential damage is confined to the VM, or limited to the files specified to be mounted from the host.</p>
<p>This talk introduces the updates in Lima v2.0 (November 2025) that facilitate using Lima with AI:</p>
<ul>
<li>Plugin infrastructure</li>
<li>GPU acceleration</li>
<li>MCP server</li>
<li>CLI improvements</li>
</ul>
<p>Web site: https://lima-vm.io<br>GitHub: https://github.com/lima-vm/lima</p>

Additional information

Live Stream https://live.fosdem.org/watch/h2213
Type devroom
Language English

More sessions

1/31/26
Virtualization and Cloud Infrastructure
Lennart Poettering
H.2213
<p>systemd supports a number of integration features that allow VMMs certain access to the inner state of VM guests for provisioning, synchronization and interaction, and many of them are little known, even though very very useful. In this talk I'd like to shed some light on many such integration points, such as SMBIOS type 11 based system credential provisioning; state propagation/readiness notification via AF_VSOCK; SSH support via AF_VSOCK, and so on.</p>
1/31/26
Virtualization and Cloud Infrastructure
H.2213
<p>Modern confidential computing technologies like AMD SEV-SNP and Intel TDX provide a reliable way to isolate guest workload and data in use from the virtualization or cloud infrastructure. Protecting data at rest is, however, not something you get ‘by default’. The task is particularly challenging for traditional operating systems where users expect to get full read/write experience. </p> <p>The good news is that Linux OS already offers a number of great technologies which can be combined ...
1/31/26
Virtualization and Cloud Infrastructure
H.2213
<p>It has been several years since the last <a href="https://github.com/rust-vmm/community">rust-vmm</a> update at FOSDEM, but the community has continued to grow. Our goal remains the same: to provide reusable Rust crates that make it easier and faster to build virtualization solutions.</p> <p>This talk will present the main progress and achievements from the past few years. It reviews how rust-vmm crates integrate into a variety of projects such as Firecracker, Cloud Hypervisor, Dragonball, ...
1/31/26
Virtualization and Cloud Infrastructure
Magnus Kulke
H.2213
<p>QEMU 10.2 will introduce MSHV as a new accelerator option for Linux hosts.</p> <p>MSHV is a kernel driver maintained by Microsoft's Linux System Group that aims to expose HyperV capabilities to users in various virtualization topologies: on bare metal, in nested virtualization and most recently via a new model called "Direct Virtualization".</p> <p>Direct virtualization will allow owners of an L1 VM to commit parts of their assigned resources (CPU, RAM, Peripherals) to virtual L2 guests, that ...
1/31/26
Virtualization and Cloud Infrastructure
Stefano Garzarella
H.2213
<p><a href="https://github.com/oasis-tcs/virtio-spec">VIRTIO</a> is the open standard for virtual I/O, supported by a wide range of hypervisors and operating systems. Typically, device emulation is performed directly inside the Virtual Machine Monitor (VMM), like <a href="https://www.qemu.org/">QEMU</a>. However, modern virtualization stacks support multiple implementation models: keeping the device in the VMM, moving it to the kernel (vhost), offloading it to an external user-space process ...
1/31/26
Virtualization and Cloud Infrastructure
Pablo del Arco
H.2213
<p>This talk shows how a Raspberry Pi can run a complete open-source cloud using OpenNebula. With MiniONE handling the installation and KVM doing the virtualization, a Raspberry Pi becomes a small but fully functional cloud node capable of running VMs, containers, lightweight Kubernetes clusters and edge services. The goal is simple: demonstrate that homelab users can build a full cloud stack with compute, networking, storage and orchestration on affordable hardware using only open-source tools. ...
1/31/26
Virtualization and Cloud Infrastructure
H.2213
<p>To address the challenge of providing seamless Layer 2 connectivity and mobility for KubeVirt virtualized applications distributed across multiple clusters (for reasons like disaster recovery, scaling, or hybrid cloud), we integrated OpenPERouter, an open-source project that provides EVPN-based VXLAN overlays, solving the critical need for distributed L2 networking.</p> <p>OpenPERouter's declarative APIs and dynamic BGP-EVPN control plane enable L2 networks to stretch transparently between ...