LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
- Running unmodified Linux programs on Windows
- Sandboxing Linux applications on Linux
- Run programs on top of SEV SNP
- Running OP-TEE programs on Linux
- Running on LVBS
With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.
show comments
gdevenyi
What is a 'library OS'?
show comments
cbondurant
at first I thought library OS might have meant an OS meant for use at a library.
Honestly far less interesting to know I was wrong.
show comments
tombert
I’m not sure I understand what a library OS is; can someone here elaborate?
show comments
mlacks
Library Operating System (LibOS) is a type of operating system that runs in the address space of applications, allowing for a small, fixed set of abstractions to connect the library OS to the host OS kernel. This approach offers the promise of better system security and more rapid independent evolution of OS components. LibOS can run significant applications, such as Microsoft Excel, PowerPoint, and Internet Explorer, with significantly lower overhead than a full VM. It can also address many of the current uses of hardware virtual machines at a fraction of the overheads.
1
LibOS is lightweight, with extremely short startup time, and can be used to run Linux programs, making it a versatile option for various applications. It is designed to provide compatibility and sandboxing without the need for VMs, making it a lightweight alternative to containers and VMs.
1
The Library Operating System for Linux was announced on the Linux kernel mailing list, indicating its official recognition and support within the Linux community.
show comments
dzonga
Microsoft gonna release a windows flavored Linux Distro soon ;)
throwoutway
No mention of starting with a design specification & then tied to formal verification the whole way?
It sounds interesting and a step forward (never heard of library Os itll now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
show comments
bg24
Would be nice to see an OCI runtime and if it can give high-performant I/O as opposed to other we have today (eg. Gvisor).
loufe
The lack of integrated sandboxing in windows compared to android/iphone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
show comments
kvuj
The cargo.lock file is 2200+ lines long. Did they spend a reasonable amount of time auditing these dependencies?
show comments
runjake
For others as lost as I am and want the tl;dr:
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
ukuina
No deployment instructions?
5o1ecist
Hmmm. Another, admittedly interesting, step towards the complete digital lockdown. Isolate and virtualize everything, now also governed by AI!
I wonder if they, the industry as a whole, eventually will make being able to freely use a PC a subscription, bastardizing "freedom" completely.
hypfer
"We did not find any viable commercial use for it, but maybe you will."
sscarduzio
Can it replace Wine to run Windows apps on Linux?
show comments
ho_schi
Another layer (ouch) to abstract away Windows (ouch * ouch).
Use Linux or BSD and ignore that approach for Vendor Lock-in* into their “library OS”.
anon291
A library os to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused
show comments
cmrdporcupine
I know we're not supposed to complain about comment quality, but -- I came here to look for interesting technical analysis but instead it's Slashdot level snipes about Microsoft the company. And yes, I also dislike Windows and Microsoft generally but this looks like a very interesting project and I'm frankly frustrated at the level of discussion here, it's juvenile. This has nothing to do with Windows, and it looks like most people didn't even read past the title.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
show comments
bendover690
Cool
burnermore
Baaah! Microsoft, security-focused in a single sentence!
R_Spaghetti
I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.
From the GitHub page:
LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
Copilot
https://github.com/microsoft/litebox/blob/main/.github/copil...
With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.
What is a 'library OS'?
at first I thought library OS might have meant an OS meant for use at a library.
Honestly far less interesting to know I was wrong.
I’m not sure I understand what a library OS is; can someone here elaborate?
Library Operating System (LibOS) is a type of operating system that runs in the address space of applications, allowing for a small, fixed set of abstractions to connect the library OS to the host OS kernel. This approach offers the promise of better system security and more rapid independent evolution of OS components. LibOS can run significant applications, such as Microsoft Excel, PowerPoint, and Internet Explorer, with significantly lower overhead than a full VM. It can also address many of the current uses of hardware virtual machines at a fraction of the overheads. 1
LibOS is lightweight, with extremely short startup time, and can be used to run Linux programs, making it a versatile option for various applications. It is designed to provide compatibility and sandboxing without the need for VMs, making it a lightweight alternative to containers and VMs. 1
The Library Operating System for Linux was announced on the Linux kernel mailing list, indicating its official recognition and support within the Linux community.
Microsoft gonna release a windows flavored Linux Distro soon ;)
No mention of starting with a design specification & then tied to formal verification the whole way?
It sounds interesting and a step forward (never heard of library Os itll now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
Would be nice to see an OCI runtime and if it can give high-performant I/O as opposed to other we have today (eg. Gvisor).
The lack of integrated sandboxing in windows compared to android/iphone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
The cargo.lock file is 2200+ lines long. Did they spend a reasonable amount of time auditing these dependencies?
For others as lost as I am and want the tl;dr:
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
No deployment instructions?
Hmmm. Another, admittedly interesting, step towards the complete digital lockdown. Isolate and virtualize everything, now also governed by AI!
I wonder if they, the industry as a whole, eventually will make being able to freely use a PC a subscription, bastardizing "freedom" completely.
"We did not find any viable commercial use for it, but maybe you will."
Can it replace Wine to run Windows apps on Linux?
Another layer (ouch) to abstract away Windows (ouch * ouch).
Use Linux or BSD and ignore that approach for Vendor Lock-in* into their “library OS”.
A library os to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused
I know we're not supposed to complain about comment quality, but -- I came here to look for interesting technical analysis but instead it's Slashdot level snipes about Microsoft the company. And yes, I also dislike Windows and Microsoft generally but this looks like a very interesting project and I'm frankly frustrated at the level of discussion here, it's juvenile. This has nothing to do with Windows, and it looks like most people didn't even read past the title.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
Cool
Baaah! Microsoft, security-focused in a single sentence!
I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.