Asterinas 0.18.0 adds cgroups, ptrace, and virtio-fs support

Asterinas 0.18.0 pushes the Rust OS closer to Kata Containers with cgroups, ptrace, virtio-fs, and more than 100 verified NixOS packages.

Jamie Taylor
Source: phoronix.net

Asterinas 0.18.0 is no longer just a research kernel with promise. The new release brought the Rust-based system much closer to serving as a guest OS for VM-based Kata Containers and Confidential Containers, with container plumbing, debugging tools, and storage changes that make it far easier to evaluate in real workloads.

The headline additions are the ones systems developers notice first: IPC namespaces, cgroup namespaces, nsfs under /proc/[pid]/ns, cgroup PID support, partial CPU controller support, virtio-fs, virtio-rng exposed as /dev/hwrng, and a completely rewritten vsock stack. The release also added ptrace support, including PTRACE_SETOPTIONS, PTRACE_SYSCALL, PTRACE_PEEKTEXT/PTRACE_PEEKDATA, and PTRACE_POKETEXT/PTRACE_POKEDATA, which now lets GDB and strace run, with verified documentation and CI support.

That matters because Kata Containers is built around lightweight VMs that keep container-like ergonomics while preserving VM-level isolation. For Asterinas, adding cgroups, virtio-fs, and ptrace is a practical signal that the project is moving beyond kernel demos and into the mechanics needed for isolated workloads, developer tooling, and confidential-computing setups.

The storage and core-kernel work was just as substantial. Asterinas 0.18.0 fully rewrote ext2, added a new NVMe driver, introduced a Dentry revalidation mechanism in VFS, and reworked the page cache. On the distribution side, Asterinas NixOS expanded to more than 100 verified popular packages, including Codex, QEMU, and Firefox, while the test matrix grew to include kselftest, xfstests, and standard Go, Python, and JDK suites.

Underneath those features, Asterinas is still making its case as a different kind of kernel architecture. The project describes itself as a framekernel: the whole OS runs in one address space like a monolithic kernel, but the OS Framework is the only part allowed to use unsafe Rust, while OS Services must be written in safe Rust only. Asterinas says unsafe Rust is confined to ostd, while the rest of the kernel, including peripheral device drivers, stays in safe Rust.

That design choice is central to the project’s pitch. Asterinas’ own technical paper says it supports more than 210 Linux system calls and has a memory-safety TCB of about 14.0 percent of the codebase. For Rust systems developers watching Linux ABI compatibility, that combination of wider workload support and a smaller unsafe core is what makes 0.18.0 feel like a real threshold moment, not just another release.
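
The framekernel split described above, sketched as an added example (not Asterinas code): one module encapsulates `unsafe` behind bounds-checked accessors, and a second module under `#[forbid(unsafe_code)]` can only reach memory through that safe API. The names `framework`, `services`, `Frame`, and `store_and_load` are hypothetical and assume a hosted `std` build rather than a kernel.

```rust
// Added illustration; `framework`, `services`, `Frame` are hypothetical names, not Asterinas APIs.
mod framework {
    // The only module allowed to contain `unsafe` (the role the article assigns to ostd).
    use std::alloc::{alloc_zeroed, dealloc, Layout};
    pub const FRAME_SIZE: usize = 4096;
    /// Owns one zeroed, page-aligned frame; exposes only bounds-checked accessors.
    pub struct Frame { ptr: *mut u8 }
    impl Frame {
        fn layout() -> Layout { Layout::from_size_align(FRAME_SIZE, FRAME_SIZE).unwrap() }
        pub fn new() -> Option<Frame> {
            // SAFETY: layout size is non-zero; allocation failure (null) is handled.
            let ptr = unsafe { alloc_zeroed(Self::layout()) };
            if ptr.is_null() { None } else { Some(Frame { ptr }) }
        }
        pub fn write(&mut self, off: usize, data: &[u8]) -> Result<(), ()> {
            let end = off.checked_add(data.len()).ok_or(())?;
            if end > FRAME_SIZE { return Err(()); }
            // SAFETY: off..end is inside the allocation and `data` cannot alias it.
            unsafe { std::ptr::copy_nonoverlapping(data.as_ptr(), self.ptr.add(off), data.len()) };
            Ok(())
        }
        pub fn read(&self, off: usize, len: usize) -> Result<Vec<u8>, ()> {
            let end = off.checked_add(len).ok_or(())?;
            if end > FRAME_SIZE { return Err(()); }
            // SAFETY: same bounds argument as `write`; memory is initialized (zeroed).
            Ok(unsafe { std::slice::from_raw_parts(self.ptr.add(off), len) }.to_vec())
        }
    }
    impl Drop for Frame {
        // SAFETY: `ptr` was returned by `alloc_zeroed` with this same layout.
        fn drop(&mut self) { unsafe { dealloc(self.ptr, Self::layout()) } }
    }
}
#[forbid(unsafe_code)] // any `unsafe` block inside this module is a compile error
mod services {
    use super::framework::Frame;
    /// A "service" that stores and reloads a record using only the safe API.
    pub fn store_and_load(off: usize, rec: &[u8]) -> Result<Vec<u8>, ()> {
        let mut frame = Frame::new().ok_or(())?;
        frame.write(off, rec)?;
        frame.read(off, rec.len())
    }
}
fn main() {
    // Constructed inputs: an in-bounds record, then one that would cross the frame end.
    assert_eq!(services::store_and_load(16, b"inode").unwrap(), b"inode".to_vec());
    assert!(services::store_and_load(4094, b"overflow").is_err());
}
```

Auditing this sketch for memory safety means reading only `framework`; a bug in `services` can return an error or wrong data but cannot touch memory outside the frame.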

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.
