An experimental x86-64 OS written entirely in Rust — Linux-compatible syscall ABI, virtio drivers (blk/net/input/gpu), ext2 VFS, POSIX/OFD byte-range locks, PTY, signal FP/XSTATE frames, and a 438-applet Busybox-like userland. Built from scratch with no C in the kernel.
- Download & run (testers):
docs/QUICKSTART.md— boot a released image in QEMU or VirtualBox in minutes, no build required - Known issues:
KNOWN_ISSUES.md— current v0.7 limitations; read before filing a bug - Live status & metrics:
docs/STATUS.md— test counts, CI gates, success-criteria dashboard (updated on every feature merge) - Capability inventory:
docs/CAPABILITIES.md— kernel subsystems, syscalls, /proc files, userland binaries - Per-feature history:
CHANGELOG.md— what shipped, when, with what trade-offs - Design rationale:
Learnings.MD— what was hard, root causes, non-obvious decisions - Roadmap:
ROADMAP.md— tiered follow-up work - Validation:
VALIDATION.md— proof against the 11 success criteria - Wiki: github.com/mohnkhan/MyOS2026/wiki — architecture overviews, getting-started guides, HOWTOs, compatibility matrices
- Boots in under 2 seconds to an
nsh$prompt on BIOS-headless QEMU, with SSH ready in under 5 seconds. - Reproducible images (identical SHA-256 across runs) and verified boot (BLAKE2b → ed25519 attestation chain) by default.
- Written entirely in Rust with ~170 LOC of hand-written assembly. KASAN + FASAN catch memory-safety bugs at the corruption site, not the crash site.
- Linux-compatible syscall ABI on x86_64 — statically-linked musl and glibc ELF binaries run unmodified; 400+ syscalls implemented and differential-tested against Linux.
- OS learning platform — every subsystem fits in your head, written in safe Rust with no hidden C glue.
- Secure ephemeral VMs — sandbox + verified boot + fast teardown via snapshot/rollback.
- CI/CD throwaway environments — sub-2-second boot, 18 MB image, SSH ready in under 1 second.
- Kernel and systems-programming research — modify the kernel, rebuild, boot in under 2 minutes.
Just want to boot it? If you only want to run a released image (not build from source), follow the download-and-run quickstart — QEMU/VirtualBox in a few commands, no toolchain needed.
# Prerequisites
apt install qemu-system-x86 ovmf sgdisk mtools e2fsprogs qemu-utils nasm python3
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup toolchain install nightly
rustup component add rust-src --toolchain nightly
rustup target add x86_64-unknown-linux-musl
# Build and boot
RELEASE=1 bash build/scripts/assemble-image.sh myos.qcow2
make qemuSave your SSD:
make tmpfs-setupredirectstarget/anddist/(the only large gitignored output trees) into/tmp/MyOS/<hash>/so the write-heavy build cycle hits RAM. Reversible, idempotent, opt-in, no-op on CI. Seedocs/dev-tmpfs.md.
Boot in a graphical window with the kernel framebuffer terminal, and SSH in on port 2222 simultaneously:
make qemu-sdl
ssh -p 2222 -i tests/keys/test_id_ed25519 \
-o StrictHostKeyChecking=no root@127.0.0.1For headless and VirtualBox boot recipes, see docs/CAPABILITIES.md and specs/001-vm-optimized-os/quickstart.md.
nsh$ prompt with mybox applets, pipe chains, and standard utilities — captured via make screenshot.
Real nsh session over SSH — uname, /proc/meminfo, /proc/cpuinfo, ps, a base64 pipe, and the colored prompt. Generated via make demo-gif.
A complete, self-contained OS stack — kernel, drivers, networking, filesystem, security, and a full Unix userland:
+-------------------------------------------------------+
| User Space init | nsh | mybox (438 applets) | mymc |
| cloud-init | dropbear | sandbox |
+-------------------------------------------------------+
| Security Per-process syscall allowlist |
| Real UID/GID + supplementary groups |
| Credential audit ring |
| Verified boot (BLAKE2b → ed25519) |
+-------------------------------------------------------+
| System VFS | Syscall dispatch | Pipes | IPC |
| PTY/devpts | AF_UNIX sockets |
| POSIX / OFD / FLOCK byte-range locks |
| Signals (SA_SIGINFO, FP/XSTATE frames) |
| MLFQ scheduler | Linux ELF compat |
| epoll(7) | poll(2) | WaitQueue<N> |
+-------------------------------------------------------+
| Kernel MM (demand paging + CoW fork) |
| APIC/HPET | smoltcp | DHCP | ext2 |
| procfs (100+ nodes: /net /sys per-PID) |
| KASAN + FASAN + DWARF panic backtraces |
+-------------------------------------------------------+
| Drivers virtio-{blk,net,console,rng,input,gpu} |
| Framebuffer /dev/fb0 (virtio-gpu + VGA) |
| evdev /dev/input/eventN | /dev/kbdN |
| PCnet | NE2000 | AHCI | IDE |
+-------------------------------------------------------+
| Hardware QEMU q35 (primary) | VirtualBox |
+-------------------------------------------------------+
For the full enumeration of subsystems, syscalls, and userland binaries, see docs/CAPABILITIES.md.
Aims to be able to self host
A multi-call binary providing 438 Unix applets via symlinks in /bin. Dispatch is purely by argv[0] basename — no runtime overhead per applet. Covers file ops, text processing, filesystem inspection, process control, system info, archives, shell utilities, networking (DNS, HTTP, nc, ping), strace, and device utilities (evdev, fbpaint, fbmode).
nsh$ /bin/grep -i root /etc/passwd
root:x:0:0:root:/root:/bin/sh
nsh$ /bin/ls -la /bin/ls
lrwxrwxrwx 10 ls -> /bin/mybox
nsh$ mybox --list | wc -l
438Statically-linked musl ELF binaries compiled on Linux run directly on MyOS2026 without modification:
# On a Linux host:
musl-gcc -static -o hello hello.c
# Copy to MyOS2026 and run:
nsh$ /bin/hello
Hello, World!Full System V AMD64 ABI initial stack with correct AT_PHDR (vaddr-not-file-offset) and AT_SECURE on suid exec. All musl startup syscalls supported. Invalid accesses deliver SIGSEGV; stack overflows are caught at the guard. Dynamically-linked glibc binaries are also supported via the bundled ld-linux-x86-64.so.2. See docs/CAPABILITIES.md.
nsh$ sandbox --allow=read,write,exit /usr/bin/exploit-test
BLOCKED (errno=1) ← mount(2) blocked by kernel allowlistThe kernel enforces a deny-by-default syscall filter per process, installed via SYS_SANDBOX_ENTER. Filters survive execve and are independent across processes.
A memory-mapped /dev/fb0 device backed by virtio-gpu or Standard VGA — userspace can paint directly via mmap(2) with no kernel involvement per pixel, resize the display with FBIOPUT_FB0_GEOMETRY, and flush damage rectangles with FBIO_FLUSH_FB0. virtio-keyboard and virtio-tablet devices each appear as a standard Linux evdev character device under /dev/input/eventN delivering 24-byte struct input_event records, with POLLIN/epoll readiness and the full EVIOCG* ioctl surface:
nsh$ mybox evdev --device 0 --count 5 # read 5 raw input events from event0
nsh$ mybox fbpaint # paint the framebuffer directly via mmap
nsh$ mybox fbmode 1280 720 # change display resolution liveEvery RELEASE build embeds a BLAKE2b hash chain:
UEFI → Limine (config hash enrolled) → kernel.elf (BLAKE2b verified)
→ kernel_main ([vboot] ACTIVE pubkey: be5f7844108bcdd1)
Any binary tampering before a single kernel instruction executes causes an immediate boot abort.
Two independent builds from identical source produce byte-identical QCOW2. Achieved via SOURCE_DATE_EPOCH, pinned GPT/FAT UUIDs, and build/scripts/fix-ext2-timestamps.py.
| Principle | Choice |
|---|---|
| Kernel type | Minimal monolithic (Rust, no_std) |
| Bootloader | Limine v8.x (BIOS + UEFI, single config) |
| Block / virtio | virtio-blk/net/console/rng/input/gpu; AHCI, IDE |
| NIC | virtio-net (primary); PCnet, NE2000 also supported |
| Graphics | virtio-gpu + Standard VGA LFB → /dev/fb0 mmap |
| Input | virtio-keyboard/tablet → evdev /dev/input/eventN, /dev/kbdN |
| Network stack | smoltcp 0.11 (pure Rust, no_std) |
| Filesystem | ext2 (custom pure-Rust read/write driver) |
| SSH | Dropbear (userspace, cross-compiled for musl) |
| Userland | Rust + statically linked musl |
| Assembly | ~170 LOC total (entry stub, ISR trampoline, context-switch) |
kernel/ Rust kernel (no_std)
userland/ Userspace crates (musl-static): init, nsh, mybox, mymc, ...
bootloader/ Limine config + vendored binaries
build/ Makefile, image assembly scripts, CI helpers
tests/ Boot, SSH, shell, sandbox, syscall, scheduler integration tests
specs/ Per-feature specs (NNN-name/{spec,plan,tasks,quickstart}.md)
docs/ STATUS.md, CAPABILITIES.md, dev-tmpfs.md, syscall-diff.md
For the full layout, see docs/CAPABILITIES.md.
- Per-feature spec-kit workflow — every feature has
specs/NNN-name/{spec,plan,research,tasks}.mdand a quickstart. Implementation follows tests-before-code per the project constitution. - CI gate on every PR — clippy (
-D warnings), unit tests in parallel + sequential modes, boot integration undersmp ∈ {1, 2}, SSH login, sandbox, KASAN, ABI-drift, and docs-gate (per the constituent jobs listed indocs/STATUS.md). - Run the pipeline locally before pushing:
make ci-local # ~15 min; same step order and timeouts as remote CI - In-kernel diagnostics: dmesg ring (
/proc/dmesg), per-PID syscall trace (/proc/<pid>/trace), symbolized panic backtraces with DWARF line numbers,kassert!with PCB context, KASAN + FASAN memory-safety sanitizers.
All changes go through a feature branch and pull request — direct commits to master are prohibited.
- Fork the repository.
- Create a feature branch:
git checkout -b NNN-short-description origin/master. - Read the constitution at
.specify/memory/constitution.mdand the existing specs inspecs/. - Use the spec-kit workflow:
/speckit-specify,/speckit-plan,/speckit-tasks,/speckit-implement. - Run
make ci-localbefore pushing. - Open a PR targeting
master. Every feature PR must updateLearnings.MD,CHANGELOG.md, anddocs/STATUS.md(enforced by thedocs-gateCI step; bypass with[no-docs]in any commit message for docs-only or infra-only PRs).
For project conventions, MANDATORY workflows, and operational guides (in-kernel dmesg + GDB, KASAN, syscall-diff harness, tmpfs build redirection), see CLAUDE.md.
Good first issues:
- POSIX
lstat()that does not follow the final symlink component - Dynamic ELF loader (PT_INTERP support) — enables glibc-linked binaries
- GPG signing pipeline for release artifacts
See the issue tracker for follow-up work tagged good-first-issue and follow-up.
MyOS2026 is the third generation in a personal operating-systems family built by Mohiuddin Khan Inamdar, carrying forward lessons learned across two earlier generations:
- MyRTOS family — bare-metal real-time operating systems in C; established the interrupt model, timer substrate, scheduling fundamentals, and boot-sequencing patterns that this kernel refines in Rust.
- MyOS-Mini family — minimal x86 OS experiments that validated the VFS layer, process model, and memory-management architecture later rewritten here with Rust's ownership model.
Inspirations from the broader OS world:
- BSD (FreeBSD, OpenBSD, NetBSD) — process and credential model, VFS layer design, the philosophy of small auditable subsystems with clear contracts, and the importance of a rigorous manual-page ABI.
- Linux — the x86_64 syscall ABI that MyOS2026 targets for compatibility, ELF loading conventions,
/procfilesystem layout, virtio device model, and theno_stddiscipline shown by the kernel's C99 environment. - Academic kernels (xv6, Minix, L4) — clarity-over-features design discipline; every subsystem in MyOS2026 should be explainable from first principles in a single sitting.
- Rust OS community (Redox, blog_os, Tock) — prior art on applying Rust's ownership model to kernel concurrency,
no_stdecosystem crate choices, and inline-assembly idioms.
Mozilla Public License 2.0

