Cleanroom runs Linux microVMs on both Linux and macOS. The public CLI and policy surface is the same; backend-specific details live in runtime config and adapter internals.
| Host OS | Backend | Notes |
|---|---|---|
| Linux | firecracker | KVM-backed microVMs, per-sandbox TAP devices, host firewall egress enforcement, file-backed or ZFS-backed snapshots |
| macOS | darwin-vz | Apple Virtualization.framework microVMs, filehandle networking, TCP egress filtering, APFS snapshots when supported |
The default backend is chosen for the host OS. Override it in runtime config:
```yaml
default_backend: darwin-vz
```

Or for one command:

```shell
cleanroom exec --backend firecracker -- uname -a
```

The Linux backend uses Firecracker and KVM. Host setup needs:
- Firecracker binary
- Linux kernel image and rootfs configured in runtime config
- helper support for host networking and snapshot operations
- iptables support for egress enforcement
The firecracker backend supports deny-by-default allowlist egress. Stage-scoped network policies currently fail closed on this backend: requesting one results in denied network access rather than an unfiltered fallback.
See Firecracker Backend for details.
The macOS backend uses a signed Swift helper built on Virtualization.framework. Host setup needs:
- `cleanroom-darwin-vzhelper`
- kernel and rootfs assets
- `mkfs.ext4` and `debugfs` from e2fsprogs
The darwin-vz backend supports filehandle TCP egress filtering and stage-scoped network policies. It does not expose Firecracker-style TAP devices or a host-visible guest IP identity, so egress control on this backend happens in the helper's filehandle network path rather than through host firewall rules keyed on a guest address.
See Darwin VZ Backend for details.
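The host requirements listed above for both backends, turned into a single POSIX sh preflight function. This is an added example and not Cleanroom's own code (the `cleanroom doctor` command below is the supported way to check a host); it assumes the kernel and rootfs paths are passed in by the caller, since this page does not document the runtime-config key names, and that `cleanroom-darwin-vzhelper` is found via `PATH`. `HOST_OS` and `KVM_DEV` default to the real host values and exist only so the function can be exercised off-host.

```shell
#!/bin/sh
# Preflight for a chosen Cleanroom backend (added example, not Cleanroom's code).
# Usage: cleanroom_preflight BACKEND KERNEL_IMAGE ROOTFS
#   BACKEND is firecracker or darwin-vz.
# Prints one "missing: ..." line per problem; the return value is the problem count,
# so `cleanroom_preflight ... && cleanroom exec ...` only proceeds on a clean host.
# Assumptions: kernel/rootfs paths come from the caller; the darwin-vz helper is on PATH.
# HOST_OS and KVM_DEV are overridable only to make the function testable off-host.

_missing() {
    echo "missing: $1"
}

cleanroom_preflight() {
    backend="$1"; kernel="$2"; rootfs="$3"
    host_os="${HOST_OS:-$(uname -s)}"
    kvm_dev="${KVM_DEV:-/dev/kvm}"
    n=0

    # Guest kernel image and rootfs are required by both backends.
    [ -r "$kernel" ] || { _missing "kernel image $kernel"; n=$((n + 1)); }
    [ -r "$rootfs" ] || { _missing "rootfs $rootfs"; n=$((n + 1)); }

    case "$backend" in
    firecracker)
        [ "$host_os" = Linux ] || { _missing "Linux host for firecracker (host is $host_os)"; n=$((n + 1)); }
        command -v firecracker >/dev/null 2>&1 || { _missing "firecracker binary on PATH"; n=$((n + 1)); }
        # KVM must be usable by the account launching sandboxes, not merely present.
        { [ -r "$kvm_dev" ] && [ -w "$kvm_dev" ]; } \
            || { _missing "$kvm_dev readable and writable by $(id -un)"; n=$((n + 1)); }
        # Egress enforcement on this backend relies on iptables on the host.
        command -v iptables >/dev/null 2>&1 || { _missing "iptables (egress enforcement)"; n=$((n + 1)); }
        ;;
    darwin-vz)
        [ "$host_os" = Darwin ] || { _missing "macOS host for darwin-vz (host is $host_os)"; n=$((n + 1)); }
        # Assumption: the signed helper is resolved through PATH.
        command -v cleanroom-darwin-vzhelper >/dev/null 2>&1 \
            || { _missing "cleanroom-darwin-vzhelper on PATH"; n=$((n + 1)); }
        for tool in mkfs.ext4 debugfs; do
            command -v "$tool" >/dev/null 2>&1 || { _missing "$tool from e2fsprogs"; n=$((n + 1)); }
        done
        ;;
    *)
        _missing "known backend (got '$backend'; expected firecracker or darwin-vz)"
        n=$((n + 1))
        ;;
    esac
    return "$n"
}

# Example invocation (paths are placeholders, not documented defaults):
# cleanroom_preflight firecracker /var/lib/cleanroom/vmlinux /var/lib/cleanroom/rootfs.ext4 \
#     && cleanroom exec --backend firecracker -- uname -a
```

The return value is the number of unmet requirements, which keeps the function usable both interactively (read the `missing:` lines) and as a gate in a script.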
To check a host against the current runtime config, run:

```shell
cleanroom doctor
cleanroom doctor --json
```

Doctor reports backend availability, required host tools, snapshot support, and capability gaps for the current runtime config; the `--json` form is the one to feed into scripts or CI checks.