Crosvm is a KVM monitor used within Chromium OS for application isolation. Two of crosvm’s defining characteristics is that it’s written in Rust for increased security, and that uses namespaces extensively to reduce the attack surface of the monitor itself. Getting it to run outside Chromium OS is relatively easy, with the only complication being that minijail isn’t widely packaged in distros.