LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
- Running unmodified Linux programs on Windows
- Sandboxing Linux applications on Linux
- Run programs on top of SEV SNP
- Running OP-TEE programs on Linux
- Running on LVBS
This might actually be my favourite use: I always thought WSL2 was a kludge, and WSL1 to be somewhat the fulfilment of the "personality modules" promise of Windows NT.
The amount of techno jargon marketing speak in this readme is impressive. I’m pretty well versed in most things computers, but it took me a long time to figure out what the heck this thing is good for. Leave it to Microsoft to try to rename lots of existing ideas and try to claim they’ve invented something amazing when it’s IMHO not all that useful.
With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.
This isn't supposed to replace Windows, and it isn't a GUI desktop operating system at all. I doubt anyone working on this has anything to do with the modern Windows desktop UX.
I know Windows 11 is super buggy and riddled with issues (and the Copilot mess), but I'm starting to feel there's a weird echo chamber around these forums that don't even bother looking at what the product or repository is, and automatically assume it's bad 'cause it's from Microsoft.
Windows is ultimately a lot more complex, and not open source. This also builds on the Linux ecosystem, so even if it comes from Microsoft, I imagine engineering culture is different from that on Windows and especially their online platforms (that's even worse than Windows if you ask me!).
Microsoft doesn't have a very good track record with security or privacy. Maybe it works, but yeah you'll probably get screwed over at some point.
Still, the fact that it's open source is a good thing. People can now take that code and make something better (ripping out the AI for example) or just use bits and pieces for their own totally unrelated projects. I can't see that as anything but a win. I have no problem giving shitty companies credit where it's due and they've done a good thing here.
Microsoft is a massive corporation with so many people, business units, departments.
A comment like yours is just like saying: "I know a buggy open-source software, why would I trust that other open-source project? The open-source community burned all possible goodwill".
It doesn't say much really. At this point we can assume almost every project has some generated code in it. Unless you're sure that every single author hates the idea and there are no external contributions. Agent configuration just makes it clear.
> Extremely simple changes do not require explicit unit tests.
I haven't used Copilot much, because people keep saying how bad it is, but generally if you add escape hatches like this without hard requirements of when the LLM can take them, they won't follow that rule in an intuitive way most of the time.
It's a library that is linked to in place of an operating system - so whatever interface the OS provided (syscalls+ioctls, SMC methods, etc.) ends up linked / compiled into the application directly, and the "external interface" of the application becomes something different.
This is how most unikernels work; the "OS" is linked directly into the application's address space and the "external interface" becomes either hardware access or hypercalls.
Wine is also arguably a form of "library OS," for example (although it goes deeper than the most strict definition by also re-implementing a lot of the userland libraries).
So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox, and run it on SEV-SNP. Or take an OP-TEE TA, link it to LiteBox, and run it on Linux.
The notable thing here is that it tries to cut the interface in the middle down to an intermediate representation that's supposed to be sandbox-able - i.e., instead of auditing and limiting hundreds of POSIX syscalls like you might with a traditional kernel capabilities system, you're supposed to be able to control access to just a few primitives that they're condensed down to in the middle.
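An illustration of the narrow-interface point made in the comment above, added here as an example; it is not part of the thread and is not LiteBox code. The names `Op`, `Platform::call`, `Confined`, `North` and `MemHost`, and the path-prefix policy, are hypothetical, chosen only to show POSIX-like calls funnelling through a small set of primitives where a single policy check applies.

```rust
use std::collections::HashMap;

// Hypothetical narrow "South" interface: every host interaction is one of these ops.
pub enum Op { Read(String), Write(String, Vec<u8>) }
pub trait Platform {
    fn call(&mut self, op: Op) -> Result<Vec<u8>, String>; // Err carries the refused path
}

// Constructed in-memory host standing in for a real platform.
#[derive(Default)]
pub struct MemHost(pub HashMap<String, Vec<u8>>);
impl Platform for MemHost {
    fn call(&mut self, op: Op) -> Result<Vec<u8>, String> {
        match op {
            Op::Read(p) => Ok(self.0.get(&p).cloned().unwrap_or_default()),
            Op::Write(p, d) => { self.0.insert(p, d); Ok(Vec::new()) }
        }
    }
}

// The sandbox policy sits on the narrow interface, so it is written and audited once.
pub struct Confined<P> { pub inner: P, pub prefix: String, pub denied: usize }
impl<P: Platform> Platform for Confined<P> {
    fn call(&mut self, op: Op) -> Result<Vec<u8>, String> {
        let path = match &op { Op::Read(p) | Op::Write(p, _) => p.clone() };
        if !path.starts_with(&self.prefix) || path.split('/').any(|c| c == "..") {
            self.denied += 1;
            return Err(path);
        }
        self.inner.call(op)
    }
}

// "North" shim: POSIX-like calls, each reduced to Read/Write on the South side.
pub struct North<P>(pub P);
impl<P: Platform> North<P> {
    pub fn pread(&mut self, p: &str, off: usize, len: usize) -> Result<Vec<u8>, String> {
        Ok(self.0.call(Op::Read(p.into()))?.into_iter().skip(off).take(len).collect())
    }
    pub fn append(&mut self, p: &str, data: &[u8]) -> Result<(), String> {
        let mut d = self.0.call(Op::Read(p.into()))?;
        d.extend_from_slice(data);
        self.0.call(Op::Write(p.into(), d)).map(|_| ())
    }
}

// Constructed scenario: different North calls, one policy decision point.
pub fn demo() -> (Vec<u8>, Result<(), String>, usize) {
    let mut os = North(Confined { inner: MemHost::default(), prefix: "/app/".into(), denied: 0 });
    os.append("/app/log", b"hello world").unwrap();
    let blocked = os.append("/app/../etc/passwd", b"x");
    (os.pread("/app/log", 1, 3).unwrap(), blocked, os.0.denied)
}

fn main() { println!("{:?}", demo()); }
```

Adding another North call changes nothing in `Confined`: the check stays on the two primitives rather than on each entry point.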
I think that's an OS in the form of a library, like Wine for example. From what I get from the description it allows you to run programs on your real OS and make it see a cut down API to your actual system to reduce the attack surface.
Aliens come to visit. I have to tell one the difference between an app linked against a "library os" running on a hypervisor, and an app running on a kernel. I couldn't do it with a straight face.
yeah, same here, I was like "wow what an interesting side to their business, a whole operating system intended to serve public and academic libraries!"
A library OS is an OS that is linked directly to your program instead of being a separate program accessed through a syscall to kernel mode. About the same as a “unikernel”, but a more recent term.
Basically it lets your program run directly on a hypervisor VM, though this one will also run as a Linux/Windows/BSD process.
My understanding of this is that it is a sandbox. Providing a common interface like if it was an OS for the program to run inside, but avoiding the program to use the OS directly.
What is unclear is if it uses its own common ABI or if you use the one of the host os.
I don't know why but from the project description I have a little bit of feeling that this is another vibe coded project.
A library os to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused
It's both; it's aimed at hosting a single user program on another userspace, but also seems to have its own kernel as well?
The "North" part seems to be what I think you'd traditionally think of as a library OS, and then the "South" part seems to be shims to use various userlands and TEEs as the host (rather than the bare hardware in your example).
I'm really confused by the complete lack of documentation and examples, though. I think the "runners" are the closest thing there is.
No mention of starting with a design specification & then tied to formal verification the whole way?
It sounds interesting and a step forward (never heard of library OS till now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
I know we're not supposed to complain about comment quality, but -- I came here to look for interesting technical analysis but instead it's Slashdot level snipes about Microsoft the company. And yes, I also dislike Windows and Microsoft generally but this looks like a very interesting project and I'm frankly frustrated at the level of discussion here, it's juvenile. This has nothing to do with Windows, and it looks like most people didn't even read past the title.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
I am with you on that. HN is becoming a "14 years old edgy mini-tech" Facebook.
"Microsoft bad, Linux good" kind of comments are all over the place. There are no more in-depth discussions about projects anymore. Add the people linking their blogs only to sell you their services for an imaginary problem, and you get HN 2026.
It's maybe the time to find another tech media. If you know one, I would be glad to know.
It'll be interesting if MS allows writing e.g. WFP callout drivers via LiteBox and not requiring attestation signing. It'll still work in kernel mode, unlike NetworkExtensions in macOS.
The lack of integrated sandboxing in Windows compared to Android/iPhone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average Linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
The sandboxing on mobile platforms puts the OS vendor in a special position to enforce a monopoly on apps and features. Apple enforces it aggressively, while Google only reluctantly so far. It also prevents the user from exerting full control of the system. Apple does it by locking things down directly, while Google punishes you for owning your devices with attestation.
There has to be a better way. I think Linux's Flatpak is a reasonable approach here, although the execution might be rather poor. I want a basic set of trusted tools that I can do anything with, and run less trusted tools like GUI programs in sandboxes with limited filesystem access.
> I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better)
Linux excels over Windows in the area of security by a wide margin, I have no qualms about running an app on Linux versus Windows, any day of the week.
IIUC, if you have the source you can recompile said Windows app with LiteBox to statically link in the Windows OS kernel dependencies, so it'll run on any compatible processor regardless of OS (since it won't be making syscalls anymore). It's a unikernel basically.
That's the theory, but I don't know how far LiteBox is along to supporting that workflow.
> It focuses on easy interop of various "North" shims and "South" platforms.
For replacing Wine on Linux the "North" would be kernel32 API or similar, the "South" would be Linux syscall API.
However, this is meant as a library, thus requiring linking the Windows program to it, and Wine is more than the system interface; it has all the GUI parts etc. of the win32 API.
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.
aktau|23 days ago
aktau|23 days ago
Reddit discussion: https://www.reddit.com/r/linux/comments/1qw4r71/microsofts_n...
Project lead James Morris announcing it on social.kernel.org: https://social.kernel.org/notice/B2xBkzWsBX0NerohSC
rbanffy|22 days ago
a-dub|23 days ago
oofbey|22 days ago
CasualSuperman|23 days ago
simonw|23 days ago
hudo|23 days ago
rafram|23 days ago
lemonish97|23 days ago
necovek|23 days ago
dooglius|23 days ago
b00ty4breakfast|23 days ago
autoexec|23 days ago
BrouteMinou|23 days ago
ementally|23 days ago
https://github.com/microsoft/litebox/blob/main/.github/copil...
pjmlp|23 days ago
viraptor|22 days ago
embedding-shape|23 days ago
gdevenyi|23 days ago
bri3d|23 days ago
charles_f|23 days ago
zamadatix|23 days ago
Brian_K_White|23 days ago
perbu|22 days ago
cbondurant|23 days ago
Honestly far less interesting to know I was wrong.
noumenon1111|23 days ago
KPGv2|23 days ago
rendaw|23 days ago
tombert|23 days ago
wrs|23 days ago
greatgib|23 days ago
anon291|23 days ago
bri3d|23 days ago
richardlblair|23 days ago
throwoutway|23 days ago
anon291|23 days ago
cmrdporcupine|23 days ago
BrouteMinou|23 days ago
bg24|23 days ago
palata|23 days ago
Is it similar to e.g. gVisor? Like would gVisor count as a library OS, too?
tnodir|22 days ago
loufe|23 days ago
digiown|23 days ago
malkia|23 days ago
pjmlp|23 days ago
There is also sandboxing configuration via Intune for enterprises.
newsoftheday|23 days ago
MatejKafka|22 days ago
kvuj|23 days ago
CodesInChaos|23 days ago
* Many of them are part of families of crates maintained by the same people (e.g. rust-crypto, windows, rand or regex).
* Most of them are popular crates I'm familiar with.
* Several are only needed to support old compiler versions and can be removed once the MSRV is raised.
So it's not as bad as it looks at first glance.
shikon7|23 days ago
Andrex|23 days ago
adolph|23 days ago
jrm4|23 days ago
hulitu|22 days ago
dzonga|23 days ago
sscarduzio|23 days ago
marklar423|23 days ago
johannes1234321|23 days ago
runjake|23 days ago
ukuina|23 days ago
burnermore|23 days ago
hypfer|23 days ago
unknown|23 days ago
[deleted]
ho_schi|23 days ago
Use Linux or BSD and ignore that approach for Vendor Lock-in into their “library OS”.
zx8080|22 days ago
5o1ecist|23 days ago
I wonder if they, the industry as a whole, eventually will make being able to freely use a PC a subscription, bastardizing "freedom" completely.
5o1ecist|22 days ago
HP now offers subscription-notebooks. :)
pizzanfurniture|23 days ago
[deleted]
bendover690|23 days ago
[deleted]
PunchyHamster|23 days ago
[deleted]
RoyTyrell|23 days ago
alvinunreal|23 days ago
[deleted]
usefulposter|23 days ago
https://news.ycombinator.com/item?id=45077654 - "Generated comments and bots have never been allowed on HN"
gloflo|23 days ago
mlacks|23 days ago
[deleted]
HendrikHensen|23 days ago
sneak|23 days ago
R_Spaghetti|23 days ago
unknown|23 days ago
[deleted]