My annual plea for a thing: I want a type 1 hypervisor that just has a small isolated VM and then passes through the rest of the hardware to the main VM which runs Linux. The small VM is intended to be used to run small pieces of code that the main OS should not be able to interfere with. Does such a thing exist? (Think Xen, but with a Dom0 that can't see into DomUs)
@mjg59 maybe check on kata and firecracker.
These are container engines and not really made for your use case, but they do run a minimal Linux system, and then run your applications in isolated mini VMs.
Maybe some of their tech can be adapted.
