Firecracker

Firecracker runs sandboxes as lightweight KVM microVMs via the Firecracker VMM. It boots in well under a second per VM, has a small memory footprint, and provides full kernel-level isolation. On Linux hosts with /dev/kvm available, it's the default backend used by heyvm wt (worktree sandboxes) when Docker is not installed.

Requirements

• Linux with KVM support (Intel VT-x or AMD-V)
• Read/write access to /dev/kvm
• firecracker binary on PATH (or installed by heyvm's setup tooling)

Installation

1. Verify KVM support

   egrep -c '(vmx|svm)' /proc/cpuinfo

   A non-zero result means KVM is supported.

2. Install Firecracker

   Download the latest release binary from the Firecracker releases page and place it on your PATH.

3. Grant /dev/kvm access

   sudo usermod -aG kvm $(whoami)

   Log out and back in for the group change to take effect.

VM images

Firecracker reuses heyvm's auto-download image catalog: ubuntu:24.04, debian:12, and alpine:3.23. The kernel image is fetched separately from S3 on first use and cached under ~/.heyo/images/firecracker/.

Usage

heyvm --backend-type firecracker

For more detail, see the mvm-ctrl Firecracker driver doc.