Capsa is experimental software. APIs may change without notice.

Security

Capsa provides defense-in-depth security through multiple isolation layers.

Security Posture

Capsa provides defense-in-depth sandboxing suitable for:

  • Local development with AI coding agents
  • Running untrusted code in controlled environments
  • Integration testing with isolation requirements

Capsa is not designed for:

  • Multi-tenant cloud environments
  • High-security production workloads requiring formal verification
  • Scenarios where a sophisticated attacker specifically targets the sandbox

For production cloud workloads on Linux with strict security requirements, consider Firecracker, which has undergone extensive security audits and is designed for multi-tenant isolation.

Design Philosophy

Capsa's isolation prioritizes:

  1. Availability over strict enforcement - If an isolation layer fails, capsa continues with reduced isolation rather than refusing to start
  2. Defense-in-depth - Multiple independent layers so that failure of one doesn't compromise all protection
  3. Simplicity - Straightforward implementation over complex hardening

The specific isolation mechanisms differ by platform (see below), but these principles apply across all supported platforms.

Platform-Specific Isolation

Linux

On Linux, capsa-vmm jails itself using:

  • Namespace isolation (mount, IPC)
  • Pivot root to minimal filesystem
  • Capability dropping
  • Seccomp system call filtering

See Linux Jail Security Model for details.
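
Because a failed isolation layer leaves capsa running with reduced isolation, it is worth checking which layers a running capsa-vmm process actually has. The following is an added example, not Capsa's own code: it reads the standard Linux `/proc/<pid>/status` fields `CapEff` and `Seccomp` and compares the mount and IPC namespace links with the caller's. It assumes a fully jailed process keeps no effective capabilities and that the check runs from the host's namespaces; the sample status text is constructed, and the pivot root is not checked.

```python
import os
import sys

SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed /proc/<pid>/status excerpts (not captured from a real capsa-vmm).
SAMPLE_JAILED = "Name:\tcapsa-vmm\nCapEff:\t0000000000000000\nSeccomp:\t2\n"
SAMPLE_DEGRADED = "Name:\tcapsa-vmm\nCapEff:\t000001ffffffffff\nSeccomp:\t0\n"


def parse_status(text):
    """Parse 'Key:<tab>value' lines from /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit_status(text):
    """Report the layers that are visible in /proc/<pid>/status."""
    f = parse_status(text)
    return {
        # Assumption: a fully jailed process keeps no effective capabilities.
        # A missing CapEff field is reported as "not dropped".
        "capabilities_dropped": int(f.get("CapEff", "1"), 16) == 0,
        "seccomp_filter": SECCOMP_MODES.get(f.get("Seccomp", "")) == "filter",
    }


def audit_namespaces(pid, kinds=("mnt", "ipc")):
    """True per namespace if the target does not share ours (run from the host).

    Reading another process's namespace links needs the same UID or root.
    """
    return {
        f"{k}_namespace": os.readlink(f"/proc/{pid}/ns/{k}")
        != os.readlink(f"/proc/self/ns/{k}")
        for k in kinds
    }


def missing_layers(results):
    """Names of layers that are not in effect, sorted for stable output."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__" and len(sys.argv) > 1:
    pid = sys.argv[1]
    with open(f"/proc/{pid}/status") as fh:
        results = audit_status(fh.read())
    results.update(audit_namespaces(pid))
    print("missing layers:", missing_layers(results) or "none")
```

Run it with the PID of the VMM process as the only argument; an empty result means every checked layer is active.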

macOS

On macOS, isolation relies on:

  • Subprocess architecture (separate process for Virtualization.framework)
  • Code signing with virtualization entitlements
  • macOS sandbox (future work)

VM Isolation

VMs themselves provide strong isolation through hardware virtualization:

  • KVM on Linux
  • Virtualization.framework on macOS

The platform-specific isolation layers described above are defense-in-depth—additional protection if the VMM process is compromised.

Released under the MIT License.