Thanks so much for the feedbacks. Yes these are valid concerns around libkrun security, We are planning and developing features around them actually, and hopefully that could alleviate the conerns.

for virtio-fs, yes the risk of exposing the host fs struture exists, and we plan to:

1. creating staging directory for each vm and bind-mount the host dir onto them

2. having private mount namespaces for vms

they are both tracked in our github issues:

https://github.com/smol-machines/smolvm/issues/152 https://github.com/smol-machines/smolvm/issues/151

2 may need much more efforts than we imagine, but we will ensure to call this out in our doc.

For the concern around TSI, we are developing virtio-net in-parallel, it is also tracked in our github and will be released soon: https://github.com/smol-machines/smolvm/issues/91

Would like to collect mroe suggestions on how to make this safer. Thanks!