8 repositories
Mechanisms for assigning physical host hardware directly to a guest operating system.
Distinct from Physical Device Automation Interfaces: The candidates focus on automation, fault injection, or tuning, rather than hypervisor device assignment.
Explore 8 awesome GitHub repositories matching operating systems & systems programming · Physical Device Pass-through.
OrbStack is a native macOS application that replaces Docker Desktop, providing an all-in-one environment for running Docker containers, full Linux virtual machines, and local Kubernetes clusters. It runs Linux VMs directly on the macOS hypervisor framework for near-native performance, uses VirtioFS for fast bidirectional file sharing between macOS and Linux, and leverages Rosetta for near-native x86 emulation on Apple Silicon. The system assigns predictable local domain names to containers and VMs with automatic HTTPS certificate generation, forwards ports via event-driven updates, and stores
Passes through USB devices and audio from the host to containers and Linux machines.
xhyve is a macOS virtual machine manager and virtualization tool that leverages the native hypervisor framework to run guest operating systems in userspace. It provides a virtualization layer for executing guest systems with hardware acceleration. The project features a hardware pass-through hypervisor that maps physical host devices directly to guest virtual machines to increase performance. It includes a remote framebuffer server and VNC access to enable interaction with the guest display and input devices from external devices. The tool covers virtual hardware emulation for storage, netwo
Implements mechanisms for assigning physical host hardware directly to a guest operating system to increase performance.
x11docker is an OCI container GUI orchestrator and hardware bridge designed to execute graphical applications and full desktop environments inside containers. It functions as a Linux GUI sandbox, linking containerized processes to host X11 or Wayland display servers and audio systems. The project differentiates itself by providing deep system integration for hardware acceleration, including NVIDIA driver automation and GPU passthrough. It supports cross-architecture GUI emulation and provides remote access capabilities through VNC, SSH forwarding, and browser-based HTML5 rendering. The tool
Maps host hardware device nodes and drivers into containers for direct peripheral and GPU access.
seL4 is a formally verified microkernel whose C implementation is backed by machine-checked mathematical proofs of correctness, confidentiality, integrity, and availability. It enforces strict isolation between processes through hardware-enforced address space separation and a capability-based access control system, where each process holds explicit rights only to the resources it has been granted. The kernel exposes hardware resources through a minimal API of system calls that manage threads, address spaces, and inter-process communication, with synchronous IPC supporting sender-identifying b
Grants virtual machines direct access to physical devices, bypassing the hypervisor for improved performance.
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
Passes physical host network devices directly into instances for exclusive use.
Cloud Hypervisor is a Rust-based hypervisor and KVM virtual machine monitor designed to execute 64-bit guest operating systems. It functions as a user-space virtual machine manager that employs a minimal emulation layer to reduce memory overhead and latency for cloud workloads. The project distinguishes itself through the use of a memory-safe language to implement a virtio device emulator and a user-space device model. It provides a standardized web API for managing virtual machine lifecycles and resource configurations. The platform covers broad virtualization capabilities, including the em
Implements the mapping of physical host PCI devices directly into the guest address space for high-throughput hardware access.
ExHyperV is a set of administrative tools designed for managing advanced Hyper-V configurations, with a particular focus on GPU partitioning, device passthrough, and virtual network switches. It provides a graphical interface for configuring virtual machine resources and tuning hypervisor settings. The project is distinguished by its ability to share the resources of a physical graphics card across multiple virtual machines using virtualization and partitioning. It also provides specialized tools for assigning PCIe devices and USB peripherals directly to guests for exclusive access. The software covers a broad range of virtualization capabilities, including CPU topology optimization, processor pinning, and memory allocation. It also includes virtual network management through VLAN configuration and virtual switch management, as well as storage operations such as checkpoint management and virtual ISO creation. The toolkit enables hardware-rooted security implementations such as memory encryption and Intel SGX enclaves, and supports nested virtualization by passing through CPU virtualization extensions.
Assigns physical graphics cards to virtual machines for hardware accelerated computing and gaming.
Exegol is an offensive security platform and containerized tooling orchestrator designed to deploy and manage isolated security operations environments. It functions as a workspace manager that provisions pre-configured security images and toolkits within Docker containers to protect host systems from malicious payloads. The platform distinguishes itself by integrating AI security workflow orchestration, allowing AI assistants to discover and trigger security tools through a standardized communication protocol. It further provides remote desktop gateway capabilities, enabling GUI access via X
Passes physical hardware devices from the host to the container for specialized security applications.