Run commands & processes
mvm has two command styles:
- one-shot sandboxes that boot, run a command, and exit;
- commands inside an already-running named microVM.
Use one-shot mode for isolated code execution. Use named-VM commands when you are working with persistent state, services, logs, or cold-mode recovery.
One-shot run
Section titled “One-shot run”mvmctl run -- uname -amvmctl run --profile restrictive -- python -c 'print("hello")'mvmctl run --timeout 30 --receipt /tmp/run-receipt.json -- python task.pymvmctl run produces a transient sandbox. It can write a signed receipt with invocation hashes, output hashes, and exit status. Raw argv, env values, stdout, stderr, and host paths are not stored in the receipt.
Use dry-run mode to inspect policy effects without booting:
mvmctl run --dry-run --json -- python task.pyNamed VM commands
Section titled “Named VM commands”mvmctl up ./my-app --name agent-sandboxmvmctl exec agent-sandbox -- python /work/task.pymvmctl logs agent-sandbox -fUse this path when the VM has state, files, services, or snapshots that should survive across commands.
Profiles
Section titled “Profiles”| Profile | Use it when | Notes |
|---|---|---|
restrictive | Running generated or untrusted code. | No env injection and no host directory shares. |
standard | Normal local runs. | Explicit env is allowed; host shares must be read-only. |
dev | Iterating on a local project. | Writable host shares are allowed. |
permissive | Last-resort debugging. | Requires explicit acknowledgement. |
Security notes
Section titled “Security notes”- Prefer argv arrays and explicit command arguments.
- Avoid passing secrets through command-line args.
- Use receipts for automation and audit correlation.
- Keep writable host shares out of untrusted runs.
- Treat stdout and stderr as sensitive because guest code controls them.