Firecracker Containerd

The Firecracker Containerd backend runs OCI container images as Firecracker microVMs through firecracker-containerd. Each container gets its own Firecracker VM, combining the OCI image ecosystem with VM-level isolation.

Requirements

  • Linux with KVM support
  • A running firecracker-containerd daemon (default address: /run/firecracker-containerd/containerd.sock)
  • The firecracker-ctr CLI on PATH
  • devmapper snapshotter configured
  • aws.firecracker runtime registered

Installation

Follow the upstream firecracker-containerd quickstart to install the daemon, configure the devmapper snapshotter, and register the aws.firecracker runtime. Verify with:

firecracker-ctr --address /run/firecracker-containerd/containerd.sock \
  --namespace default tasks list
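
A preflight sketch for the requirements above, as an added example that is not part of heyvm or firecracker-containerd. It assumes GNU or BusyBox stat and the standard ctr column layout for plugins ls; the function names and the sample output are constructed for illustration, and the aws.firecracker runtime registration is not checked here.

```shell
#!/bin/sh
# Added example: preflight for the requirements above (not heyvm or upstream code).
SOCK_DEFAULT=/run/firecracker-containerd/containerd.sock
# Constructed sample of `plugins ls` output (assumed standard ctr columns).
SAMPLE_PLUGINS='TYPE                          ID         PLATFORMS    STATUS
io.containerd.snapshotter.v1  overlayfs  linux/amd64  ok
io.containerd.snapshotter.v1  devmapper  linux/amd64  error'

# KVM must be a character device the current user can read and write.
check_kvm() { [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]; }

# The daemon address must be a unix socket.
check_socket() { [ -S "$1" ]; }

# Socket access is root-equivalent: reject modes with the "other" write bit set.
socket_mode_ok() {
  case "$1" in
    *[2367]) return 1 ;;
    *) return 0 ;;
  esac
}

# Reads `plugins ls` output on stdin; succeeds only if devmapper reports "ok".
devmapper_ok() {
  awk '$1 ~ /^io\.containerd\.snapshotter\./ && $2 == "devmapper" { ok = ($NF == "ok") }
       END { exit !ok }'
}

# $1 = KVM device, $2 = socket path, $3 = ctr binary. Returns the failure count.
preflight() {
  fails=0
  check_kvm "$1" || { echo "FAIL: $1 missing or not read/write for $(id -un)"; fails=$((fails + 1)); }
  command -v "$3" >/dev/null 2>&1 || { echo "FAIL: $3 not on PATH"; fails=$((fails + 1)); }
  if check_socket "$2"; then
    socket_mode_ok "$(stat -c %a "$2")" ||
      { echo "FAIL: $2 is writable by every local user"; fails=$((fails + 1)); }
    "$3" --address "$2" plugins ls 2>/dev/null | devmapper_ok ||
      { echo "FAIL: devmapper snapshotter not loaded or not ok"; fails=$((fails + 1)); }
  else
    echo "FAIL: no unix socket at $2"; fails=$((fails + 1))
  fi
  return "$fails"
}

# Typical call: preflight /dev/kvm "$SOCK_DEFAULT" firecracker-ctr
```

A devmapper row with any status other than ok usually means the thin-pool behind the snapshotter is missing or misconfigured, which is why the sample output above fails the check.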

Default image

The default image is ubuntu:24.04. Override per-sandbox with --image.

Usage

heyvm --backend-type firecracker_containerd

Limitations

  • No host directory mounts.
  • No host port publishing.
  • Per-sandbox CPU and memory tuning is not yet exposed.

For unrestricted host mounts and per-sandbox resource tuning, use the standalone Firecracker or Libvirt backends instead.