jailhouse#

Jailhouse partitioning hypervisor configuration.

OCaml types for describing Jailhouse cell configurations and inter-partition communication channels. Used to define partition topologies where a root cell (hypervisor or host) manages one or more inmate cells, each with dedicated memory and CPU allocations connected by IPC channels.

On Linux with Jailhouse hardware support, partitions run as real cells with shared-memory (ivshmem) IPC. On macOS (where Apple HVF does not expose EL2 for nested virtualization), each partition runs as a separate QEMU/HVF instance connected via Unix sockets. This library provides the topology types used by both backends.

Installation#

opam install jailhouse

Usage#

let root_cell = Jailhouse.Cell.v ~name:"root" ~memory_mb:512 ~cpus:[0; 1] () in
let inmate_cell = Jailhouse.Cell.v ~name:"payload" ~memory_mb:128 ~cpus:[2] () in
let ipc = Jailhouse.Ipc.channel ~name:"cmd" ~size:4096 () in
let root = Jailhouse.Topology.partition root_cell [ipc] in
let inmate = Jailhouse.Topology.partition inmate_cell [ipc] in
let topo = Jailhouse.Topology.v ~root ~inmates:[inmate] in
ignore topo

API#

• Cell -- A Jailhouse cell (partition) with a name, memory allocation in megabytes, and an optional list of assigned CPU cores.
• Ipc -- An IPC channel descriptor with a name and shared memory region size in bytes (default 4096). Maps to ivshmem in Jailhouse mode or virtio-serial in QEMU mode.
• Topology -- Combines cells and IPC channels into a complete partition topology with one root partition and zero or more inmate partitions.

References#

• Jailhouse hypervisor