# ZViz

> ZViz is an OCI-compatible Zig container runtime that takes a selective-denial
> approach to container isolation. It runs code you can't trust but have to run.
> Built and maintained by Skelf-Research. Apache 2.0.

## What ZViz is

- An OCI-compatible container runtime written in Zig.
- A layered enforcement stack: namespaces (user, pid, mount, ipc, uts), all 41 Linux capabilities dropped, Landlock LSM ruleset, seccomp-BPF filter, cgroups v2.
- Selective-denial syscall policy: 132 syscalls reach the host kernel at native speed, 24 are denied at seccomp, one (`socket`) is argument-filtered inline.
- A single static binary. No daemon. No userspace kernel.

## What ZViz is not

- Not a userspace kernel like gVisor. Allowed syscalls execute on the host kernel at native speed; ZViz does not emulate.
- Not a MicroVM like Firecracker. There is no KVM guest, no virtio devices.
- Not a drop-in replacement for runc for every workload. If you need `ptrace`, `mount`, or `unshare` inside the container, use gVisor instead.

## Audience

AI agent runtimes, code-execution platforms, CI sandboxers, multi-tenant platforms running user-supplied code. Anywhere "the workload is hostile" is the correct threat-model assumption.

## Requirements

- Linux kernel >= 5.13 (for Landlock LSM)
- cgroups v2 enabled
- Zig 0.15.0+ to build from source

## Key pages

- Overview: https://zviz.skelfresearch.com/
- About: https://zviz.skelfresearch.com/about/
- Field notes (blog): https://zviz.skelfresearch.com/blog/
- ZViz vs gVisor: https://zviz.skelfresearch.com/compare/gvisor/
- ZViz vs runc: https://zviz.skelfresearch.com/compare/runc/
- RSS: https://zviz.skelfresearch.com/rss.xml
- Sitemap: https://zviz.skelfresearch.com/sitemap-index.xml
- Documentation: https://docs.skelfresearch.com/zviz/
- Source: https://github.com/Skelf-Research/zviz

## License

Apache License 2.0
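The selective-denial seccomp-BPF policy described under "What ZViz is" (default allow, a short deny list, `socket` argument-filtered inline), as an added illustration in C that is not ZViz's own code: the deny-list members (`ptrace`, `mount`, `unshare`), the AF_UNIX-only socket rule and the x86_64 arch pin are assumptions chosen for this example, and `decide()` is a small interpreter for the three BPF opcodes used so the policy's verdicts can be checked without loading it into the kernel.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/socket.h>
#include <sys/syscall.h>

/* Selective denial: default ALLOW, a short deny list returns EPERM, socket() is
 * argument-filtered on arg0 (domain). The deny-list members and the AF_UNIX-only
 * socket rule are assumptions for this example, not ZViz's actual policy. */
#define DENY_ERRNO(e) (SECCOMP_RET_ERRNO | ((e) & SECCOMP_RET_DATA))

static struct sock_filter g_prog[] = {
    /* 0-2: pin the arch; otherwise nr and argument layout cannot be trusted */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    /* 3-8: deny-list hits jump to index 12 (EPERM); socket() goes to 9; rest ALLOW */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_ptrace, 7, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mount, 6, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_unshare, 5, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    /* 9-12: inline argument filter: low 32 bits of args[0] (little-endian) == AF_UNIX */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, DENY_ERRNO(EPERM)),
};

/* Interpreter for the three opcodes used above, so the policy is checkable
 * without loading it into the kernel; anything else fails closed. */
uint32_t decide(uint32_t arch, int nr, uint64_t arg0) {
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { arg0 } };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < sizeof g_prog / sizeof g_prog[0]; pc++) {
        const struct sock_filter *in = &g_prog[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&acc, (uint8_t *)&d + in->k, 4);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += acc == in->k ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K)) return in->k;
        else return SECCOMP_RET_KILL_PROCESS;
    }
    return SECCOMP_RET_KILL_PROCESS;
}
```

To enforce the policy for real, wrap `g_prog` in a `struct sock_fprog`, set `PR_SET_NO_NEW_PRIVS` via `prctl(2)`, then load it with `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)`; the interpreter above only predicts the kernel's verdict.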