LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
- Running unmodified Linux programs on Windows
- Sandboxing Linux applications on Linux
- Run programs on top of SEV SNP
- Running OP-TEE programs on Linux
- Running on LVBS
This might actually be my favourite use: I always thought WSL2 was a kludge, and WSL1 to be somewhat the fulfilment of the "personality modules" promise of Windows NT.
The amount of techno jargon marketing speak in this readme is impressive. I’m pretty well versed in most things computers, but it took me a long time to figure out what the heck this thing is good for. Leave it to Microsoft to try to rename lots of existing ideas and try to claim they’ve invented something amazing when it’s IMHO not all that useful.
A library os to me would typically mean it's aimed at hosting a single user program on bare hardware. I don't see that here, but maybe I'm just confused
With how buggy their flagship OS has become, why would I trust anything else they release to be better? Or even if it does work well now, why should I expect it to stay that way? Microsoft has burned through all possible goodwill at this point, at least for me.
The lack of integrated sandboxing in windows compared to android/iphone is still frankly unacceptable. I've become increasingly paranoid about running any application on Windows (not that your average linux distro is even remotely better) and yet Apple and Google seem to be far, far ahead in user permissions (especially with GrapheneOS, god bless that team) and isolation of processes.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
No mention of starting with a design specification & then tied to formal verification the whole way?
It sounds interesting and a step forward (never heard of library Os itll now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
I'm not sure whether Microsoft, the makers of Windows 95 (after which I stopped taking them seriously), are the sharpest tool in the box when it comes to security.
It doesn't say much really. At this point we can assume almost every project has some generated code in it. Unless you're sure that every single author hates the idea and there are no external contributions. Agent configuration just makes it clear.
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
I know we're not supposed to complain about comment quality, but -- I came here to look for interesting technical analysis but instead it's Slashdot level snipes about Microsoft the company. And yes, I also dislike Windows and Microsoft generally but this looks like a very interesting project and I'm frankly frustrated at the level of discussion here, it's juvenile. This has nothing to do with Windows, and it looks like most people didn't even read past the title.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
38 comments
[ 3.9 ms ] story [ 42.7 ms ] threadLiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
This might actually be my favourite use: I always thought WSL2 was a kludge, and WSL1 to be somewhat the fulfilment of the "personality modules" promise of Windows NT.
Honestly far less interesting to know I was wrong.
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
It sounds interesting and a step forward (never heard of library Os itll now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
https://github.com/microsoft/litebox/blob/main/.github/copil...
Use Linux or BSD and ignore that approach for Vendor Lock-in* into their “library OS”.
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.