Have you seen container2wasm or ktock/vscode-container-wasm?

container2wasm: https://github.com/container2wasm/container2wasm

ktock/vscode-container-wasm: https://github.com/ktock/vscode-container-wasm

ktock/vscode-container-wasm-gcc-example: https://github.com/ktock/vscode-container-wasm-gcc-example

From joelseverin/linux-wasm: https://github.com/joelseverin/linux-wasm :

> Hint: Wasm lacks an MMU, meaning that Linux needs to be built in a NOMMU configuration. Wasm programs thus need to be built using -fPIC/-shared. Alternatively, existing Wasm programs can run together with a proxy that does syscalls towards the kernel. In such a case, each thread that wishes to independently execute syscalls should map to a thread in the proxy. The drawback of such an approach is that memory cannot be mapped and shared between processes. However, from a memory protection standpoint, this property could also be beneficial.

Would hardened_malloc or llvm scudo be useful in a WASM runtime (given that WASM doesn't have an MMU)? https://www.google.com/search?q=would+hardened_malloc+be+use...

Emscripten handles malloc and free with dlmalloc, emmalloc, mimalloc,

  emcc your_code.c -s 'MALLOC="emmalloc"' -o your_code.html

"Import custom memory manager?" · Issue #24851 · emscripten-core/emscripten https://github.com/emscripten-core/emscripten/issues/24851

Just learned about Cage:

Cage does Hardware-Accelerated Safe WebAssembly (WASM) with LLVM with support for ARM64 Memory Tagging Extension (MTE) and Pointer Authentication (PAC) memory safety features.

"Cage: Hardware-Accelerated Safe WebAssembly" (2024) https://arxiv.org/abs/2408.11456v2