Microsoft Launches LiteBox, a Rust-Based Secure OS Designed to Sandbox & Protect Linux Workloads
Microsoft has reportedly introduced a new open-source operating system project called LiteBox. The news first came via Phoronix, which reported that LiteBox was announced by James Morris, Microsoft’s lead for Linux OS security and open-source engagement.
LiteBox is a security-focused library OS written in Rust that leans heavily on Linux Virtualization Based Security (LVBS). The core idea is simple but ambitious: use virtualization hardware to let LiteBox act as a secure kernel that protects a normal guest kernel running underneath it.
Microsoft describes LiteBox as a sandboxing library OS that dramatically reduces the interface exposed to the host system. By shrinking that interface, LiteBox cuts down the attack surface, which is increasingly critical in mixed OS and cloud-heavy environments. The project is designed to work across both kernel and non-kernel scenarios, rather than being locked into a single use case.
At a technical level, LiteBox exposes a Rust-style “North” interface inspired by nix and rustix, while relying on a platform-specific “South” interface underneath. This North–South design allows LiteBox to bridge different environments cleanly, making it flexible enough to plug into a wide range of platforms.
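The North–South split described above can be sketched as follows. This is an added illustration, not code from LiteBox or Microsoft: the `South` trait, `MockHost`, `LibOs` and `Errno` are hypothetical names, and the two-call block interface is an assumption chosen to show how a small South surface can back a larger rustix-like North API.

```rust
use std::collections::HashMap;

// South: narrow platform-specific interface (hypothetical, not LiteBox's real trait).
pub trait South {
    fn read_block(&mut self, id: u64) -> Option<Vec<u8>>;
    fn write_block(&mut self, id: u64, data: &[u8]);
}
// Constructed in-memory platform; counts every crossing into the "host".
#[derive(Default)]
pub struct MockHost { blocks: HashMap<u64, Vec<u8>>, pub host_calls: usize }
impl South for MockHost {
    fn read_block(&mut self, id: u64) -> Option<Vec<u8>> {
        self.host_calls += 1;
        self.blocks.get(&id).cloned()
    }
    fn write_block(&mut self, id: u64, data: &[u8]) {
        self.host_calls += 1;
        self.blocks.insert(id, data.to_vec());
    }
}

#[derive(Debug, PartialEq)]
pub enum Errno { NoEnt, BadF }
// North: rustix-like file calls; names and descriptors are resolved in-library.
#[derive(Default)]
pub struct LibOs<P: South> { pub platform: P, names: HashMap<String, u64>, fds: Vec<u64> }
impl<P: South> LibOs<P> {
    pub fn open(&mut self, path: &str, create: bool) -> Result<usize, Errno> {
        if create { let n = self.names.len() as u64; self.names.entry(path.into()).or_insert(n); }
        let id = *self.names.get(path).ok_or(Errno::NoEnt)?; // lookup stays in the library OS
        self.fds.push(id);
        Ok(self.fds.len() - 1)
    }
    pub fn write(&mut self, fd: usize, data: &[u8]) -> Result<usize, Errno> {
        let id = *self.fds.get(fd).ok_or(Errno::BadF)?; // a bad fd never reaches the host
        self.platform.write_block(id, data);
        Ok(data.len())
    }
    pub fn read(&mut self, fd: usize) -> Result<Vec<u8>, Errno> {
        let id = *self.fds.get(fd).ok_or(Errno::BadF)?;
        Ok(self.platform.read_block(id).unwrap_or_default())
    }
}

fn main() {
    let mut os = LibOs::<MockHost>::default();
    let fd = os.open("/data/log", true).unwrap();
    os.write(fd, b"hi").unwrap();
    println!("{:?} host_calls={}", os.read(fd), os.platform.host_calls);
}
```

Path lookup, descriptor validation and error handling complete inside the library layer, so only the two `South` calls ever cross to the platform; porting to another platform means reimplementing that one trait.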
Microsoft highlights several potential use cases, including running unmodified Linux applications on Windows, sandboxing Linux apps on Linux, running workloads on top of AMD SEV-SNP, supporting OP-TEE programs, and operating directly on LVBS.
LiteBox is fully open-source under the MIT license and is already available on GitHub. There’s no stable release yet, but active development is underway.