# Ephemeral VMs {#ephemeral-vm}

In Takumi Runner, all workflow jobs run on dedicated ephemeral (disposable) VMs. This page explains what an ephemeral VM is and how its isolation model works.

## What Is an Ephemeral VM {#what-is-ephemeral-vm}

An ephemeral VM is a virtual machine that is newly created for each job execution and automatically destroyed upon completion. Each VM has its own independent kernel, filesystem, and network stack, with no state shared between jobs.

As shown in the following diagram, even when multiple jobs run concurrently, each is guaranteed to be assigned its own VM.

```mermaid
sequenceDiagram
    participant GH as GitHub Actions

    box rgb(230, 240, 255) Takumi Runner
        participant VM1 as VM 1
        participant VM2 as VM 2
        participant VM3 as VM 3
    end

    GH->>VM1: Assign Job A
    activate VM1
    Note over VM1: VM created

    GH->>VM2: Assign Job B
    activate VM2
    Note over VM2: VM created

    VM1->>GH: Job A completed
    deactivate VM1
    Note over VM1: VM destroyed

    GH->>VM3: Assign Job C
    activate VM3
    Note over VM3: VM created

    VM2->>GH: Job B completed
    deactivate VM2
    Note over VM2: VM destroyed

    VM3->>GH: Job C completed
    deactivate VM3
    Note over VM3: VM destroyed
```

This "1 job = 1 VM" model guarantees:

- Files and processes left by previous jobs do not affect subsequent jobs
- Credentials and tokens obtained during job execution are destroyed along with the VM
- A compromised job is unlikely to spread to other jobs
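The following workflow is an added example, not part of Takumi Runner's documentation or code. It checks the first two guarantees directly: the first job deliberately leaves a file, a constructed fake credential and a background process behind and records its kernel boot id; the second job, scheduled afterwards, asserts that none of that state is visible and that a different kernel booted. The `runs-on` label is a placeholder to be replaced with your own runner label.

```yaml
# Added example (not Takumi Runner's own code). The runs-on label is a placeholder.
name: ephemeral-vm-check

on:
  workflow_dispatch:

jobs:
  leave-state:
    runs-on: TAKUMI_RUNNER_LABEL_PLACEHOLDER
    outputs:
      boot_id: ${{ steps.boot.outputs.boot_id }}
    steps:
      - name: Record this VM's kernel boot id
        id: boot
        # boot_id is regenerated by the kernel on every boot, so a fresh VM has a fresh value
        run: echo "boot_id=$(cat /proc/sys/kernel/random/boot_id)" >> "$GITHUB_OUTPUT"
      - name: Leave a file, a fake credential, and a background process behind
        run: |
          echo "job-a-was-here" > /tmp/marker
          # constructed sample value, not a real secret
          echo "TOKEN=constructed-sample-value" > "$HOME/.leftover-token"
          nohup sleep 3600 >/dev/null 2>&1 &

  verify-fresh-vm:
    needs: leave-state
    runs-on: TAKUMI_RUNNER_LABEL_PLACEHOLDER
    steps:
      - name: Assert nothing from the previous job is visible here
        env:
          PREVIOUS_BOOT_ID: ${{ needs.leave-state.outputs.boot_id }}
        run: |
          set -eu
          # Independent kernel: a new kernel booted for this job, so the boot id must differ.
          [ "$(cat /proc/sys/kernel/random/boot_id)" != "$PREVIOUS_BOOT_ID" ] \
            || { echo "same kernel boot id: VM was reused"; exit 1; }
          # Independent root filesystem: files left by the previous job must not exist.
          [ ! -e /tmp/marker ] || { echo "/tmp/marker leaked from previous job"; exit 1; }
          [ ! -e "$HOME/.leftover-token" ] || { echo "credential file leaked"; exit 1; }
          # Independent process space: the background process must not be visible.
          ! pgrep -f 'sleep 3600' >/dev/null || { echo "process leaked from previous job"; exit 1; }
          echo "fresh VM confirmed"
```

If the second job fails on the boot id check while the file checks pass, the runner reused a VM but cleaned the filesystem, which is a weaker guarantee than the one described on this page.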

:::note
While ephemeral VMs eliminate state sharing at the VM level, one job can still compromise another through caches shared on the GitHub side, as in [Cache Poisoning](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/). Ephemeral VMs strengthen runner environment isolation but do not completely eliminate risks stemming from shared resources on the GitHub Actions platform.
:::

## Isolation Boundary {#isolation-boundary}

Ephemeral VM isolation consists of the following layers:

| Layer      | Isolation                                                            |
| ---------- | -------------------------------------------------------------------- |
| Kernel     | An independent Linux kernel boots per VM                             |
| Filesystem | An independent root filesystem is assigned per VM                    |
| Network    | An independent network namespace and virtual NIC are assigned per VM |
| Processes  | Processes in one VM cannot see processes in other VMs                |

Container-based isolation shares the host OS kernel, so a kernel vulnerability creates a risk of escape from the container to the host. With VM-level isolation, an independent kernel boots per job, making escape to the shared infrastructure (the host) relatively more difficult.
