microVM manager built on Firecracker (Linux) and Apple Virtualization.framework (macOS)
Project description
Shuck
An open-source microVM manager built on Firecracker (Linux) and Apple Virtualization.framework (macOS).
- Boot lightweight VMs in milliseconds
- Execute commands, transfer files, open interactive shells
- Stream serial console logs
- Port forwarding with nftables NAT (Linux)
- REST API + CLI
- Cloud-init style userdata scripts
Status
Pre-1.0. The core feature set works and has test coverage, but:
- The HTTP API, CLI flags, config schema, and on-disk state layout may change without a deprecation period.
- The Linux/Firecracker backend is more mature than the macOS/Apple VZ backend.
- It has not been run at scale or under production workloads.
- Security features (token auth, rate limiting, encrypted secrets) exist but have had limited review. Don't expose the daemon to an untrusted network.
Useful for experimentation, local development, and CI. Not recommended for production.
Quick Start
Install
macOS (Homebrew):
brew install rvben/tap/shuck
Linux & macOS (installer script):
curl -sSfL https://raw.githubusercontent.com/rvben/shuck/main/install.sh | sh
Cross-platform (PyPI):
pip install shuck
Pinning a version: curl -sSfL https://raw.githubusercontent.com/rvben/shuck/main/install.sh | SHUCK_VERSION=v0.1.2 sh or pip install shuck==0.1.2.
First boot
# Fetch the default kernel + rootfs for this host
shuck images pull
# Start the daemon
shuck daemon &
# Boot a VM
shuck run --name hello --cpus 2 --memory 512
# Interact
shuck exec hello -- uname -a
shuck shell hello
shuck cp local.txt hello:/tmp/local.txt
shuck logs hello -f
# Clean up
shuck destroy hello
On Linux, shuck run needs firecracker on PATH. If it's missing, shuck prompts to download a pinned release into the data directory. For non-interactive use (CI, scripts), set SHUCK_AUTO_INSTALL_FIRECRACKER=1 to skip the prompt.
shuck images pull fetches the latest signed image set from the images-*
GitHub Releases. If no image
release is published yet for this arch, the command will fail — use the
BYO path below in the meantime.
BYO kernel / rootfs
If you want to use your own images, pass --kernel and the rootfs path:
shuck run /path/to/rootfs.ext4 --kernel /path/to/vmlinux
Configuration
Copy config.example.toml to one of the discovery paths:
~/.config/shuck/config.toml(user)/etc/shuck/config.toml(system)
Or pass --config /path/to/config.toml explicitly. See config.example.toml for all available fields.
Platform Support
| Platform | Backend | Networking | Status |
|---|---|---|---|
| Linux x86_64 | Firecracker | TAP + nftables NAT, port forwarding | Usable |
| macOS ARM64 | Apple Virtualization.framework | Shared NAT (VZ-managed) | Experimental |
Alternatives
shuck is one of several ways to run microVMs. Rough positioning:
| Tool | Backend | Focus | Notes |
|---|---|---|---|
| shuck | Firecracker (Linux) + Apple VZ (macOS) | Single-host VM manager with a REST API and CLI | SQLite-backed state, port forwarding, guest agent over vsock. |
| Ignite | Firecracker | Docker-image-style workflow on Firecracker | Archived by Weaveworks; Linux only. |
| firecracker-containerd | Firecracker | containerd runtime backed by microVMs | Kubernetes-friendly; Linux only. |
| krunvm | libkrun | OCI-image microVMs on macOS | No daemon; ephemeral per-command VMs. |
| Lima | QEMU (+ VZ on macOS) | Full Linux VMs as a dev environment | Heavier than Firecracker; broader guest support. |
Pick shuck if you want Firecracker on Linux with a matching Apple VZ path on macOS, driven by a single CLI + daemon.
Architecture
CLI (shuck) ──> REST API (shuck-api) ──> Core (shuck-core)
├── VMM (shuck-vmm) Firecracker / Apple VZ
├── State (shuck-state) SQLite persistence
├── Net (shuck-net) TAP devices, IP allocation
└── Storage (shuck-storage) Rootfs cloning
Guest Agent (shuck-agent) ←── Proto (shuck-agent-proto)
Host-guest communication uses vsock (port 52). Messages are length-prefixed JSON with base64-encoded binary payloads.
Security
- Threat model — STRIDE analysis and residual risks.
- Hardening guide — deployment posture and config recommendations.
- Report vulnerabilities privately via GitHub Security Advisories. See SECURITY.md.
The daemon defaults to loopback-only. Don't bind it on a public interface without a bearer token and a terminating reverse proxy.
Troubleshooting
shuck run can't find firecracker (Linux)
On a TTY, shuck prompts to download a pinned release. For scripted/CI use, set SHUCK_AUTO_INSTALL_FIRECRACKER=1 to skip the prompt, or install Firecracker yourself from the releases page.
shuck run reports kvm_init: permission denied (Linux)
Add your user to the kvm group: sudo usermod -aG kvm $USER and re-login.
shuck run fails on macOS with a virtualization entitlement error
The binary needs the com.apple.security.virtualization entitlement. pip, brew, and the installer script all ship a codesigned binary. If you built from source, run make install — it ad-hoc signs via shuck.entitlements.
macOS: VM boots but exits immediately
Apple VZ needs an initramfs to mount the rootfs. If you're using custom images, make sure --initrd points at a matching initramfs (see guest/build-initramfs.sh).
shuck daemon binds but the CLI can't connect
The CLI defaults to http://127.0.0.1:7777. If the daemon listens elsewhere, pass --api-url http://host:port (and --api-token if auth is enabled).
Rootfs edits don't take effect on macOS
Use make update-rootfs to inject changes via debugfs (works in LXC and macOS). Loop-mounting doesn't work on macOS.
Development
Requires Rust 1.90+ and cargo-nextest.
make build # Debug build
make build-release # Release build (LTO, stripped)
make build-agent # Static musl agent for guest VMs
make test # Full test suite
make test-unit # Unit tests only
make lint # fmt-check + clippy
make check # Type check
make install # Install (auto-detects macOS, signs binary)
Running a Development VM
make run-daemon # Start daemon
make build-agent-aarch64 # Build ARM64 agent (macOS guests)
make update-rootfs # Inject agent into rootfs image
Systemd
A systemd unit file is provided at contrib/shuck.service.
Contributing
Issues and pull requests welcome. See CONTRIBUTING.md for the dev workflow and commit conventions.
License
See LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shuck-0.1.3.tar.gz.
File metadata
- Download URL: shuck-0.1.3.tar.gz
- Upload date:
- Size: 181.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9511ce329461ee365454e50bd93bda171f294ee8f1b31a18447c26fa60100808
|
|
| MD5 |
ddfa57db907c71384b5a4eabfd79a978
|
|
| BLAKE2b-256 |
d275f74686208ae4fd36c0ca5b8679aeff4e8d371412524e495d77a9914b6866
|
File details
Details for the file shuck-0.1.3-py3-none-manylinux_2_28_x86_64.whl.
File metadata
- Download URL: shuck-0.1.3-py3-none-manylinux_2_28_x86_64.whl
- Upload date:
- Size: 7.9 MB
- Tags: Python 3, manylinux: glibc 2.28+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
82681198f4f74b8980d337415cebd1ce2b37027c8e0b740a0377ce0bcef28be4
|
|
| MD5 |
7d58e23177cde89e003865a0ebb94ed9
|
|
| BLAKE2b-256 |
fd0a8a04d1c500f8cfe59427b74fd5c6fd6fef161279b897f926426ba1ef0c0a
|
File details
Details for the file shuck-0.1.3-py3-none-manylinux_2_28_aarch64.whl.
File metadata
- Download URL: shuck-0.1.3-py3-none-manylinux_2_28_aarch64.whl
- Upload date:
- Size: 7.7 MB
- Tags: Python 3, manylinux: glibc 2.28+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ad293d61f7d94fbe95e9b8e5a6fba74acb5f3fee7f850d07c63cd7a0ad84c14f
|
|
| MD5 |
0d899f5c33e2376e86eb87164f8ec5bc
|
|
| BLAKE2b-256 |
25b128fa112630536d65024a3d26cc91b802bc53f34af1a31e1aa8884b66715f
|
File details
Details for the file shuck-0.1.3-py3-none-macosx_11_0_arm64.whl.
File metadata
- Download URL: shuck-0.1.3-py3-none-macosx_11_0_arm64.whl
- Upload date:
- Size: 7.2 MB
- Tags: Python 3, macOS 11.0+ ARM64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c7f6583e04ca13004829698fe42a0031f3b4ee5b84217bdb758836408e016812
|
|
| MD5 |
47543d44351dee6b883e5b9561b0e9db
|
|
| BLAKE2b-256 |
ea6f19f351e902f85c228eb103c5dfa98d73be6189949037a58cc5723079cff2
|
File details
Details for the file shuck-0.1.3-py3-none-macosx_10_12_x86_64.whl.
File metadata
- Download URL: shuck-0.1.3-py3-none-macosx_10_12_x86_64.whl
- Upload date:
- Size: 7.5 MB
- Tags: Python 3, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0b8d82e9063a446cfd6f5ed6f2229062ef46827eaa7e25ec1d6dbb23cb19097a
|
|
| MD5 |
8d966818e447975cbf3cc08d7d21ae69
|
|
| BLAKE2b-256 |
e73c84387d9bb825515f9c7d18e6d426fb7ec66965b094fb6f59b1b6af7ef09d
|
