VMware Communities
xahare
Enthusiast

monitoring guest internals, introspection

Would love to be able to inspect running instances for analysis or to try to check for malware, esp. rootkits, from the outside. This from Xen looks really good. Is anything like that possible with VMware Fusion? https://blog.xenproject.org/2016/04/13/stealthy-monitoring-with-xen-altp2m/

Ideally, I'd like to combine this with the sandbox mentioned before, and have the option of crashing / freezing the VM to keep that internal state for analysis.

7 Replies
wila
Immortal

Hi,

There's been the vmss2core tool for years; I've used it in the past to troubleshoot some VMs and it's great.

It's not live introspection, but if you can suspend (or snapshot) your VM then you can inspect the vmss file created with any tool.

As snapshots work, there's no need to crash the VM.

There are also things that can be done via VIX, like listing the processes currently running, but that might require having VMware Tools installed.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva
xahare
Enthusiast

:) Now I just have to find a way to trap the sandbox violation to alert and trigger a snapshot.

wila
Immortal

Hi,

You can trigger a snapshot via the vmrun command line.

See:

VMware Fusion Documentation

So back to the sandbox... :)

--

Wil

xahare
Enthusiast

Two issues:

  1. getting vmware-vmx instances to run in the sandbox
  2. getting the sandbox to trigger the snapshot

Anyone know how to do either?

wila
Immortal

Hi Pixel Fairy,

Admittedly I haven't looked much into OS X's sandbox technology and what it can do; I've just read the manual pages and they aren't very helpful.

But somehow I doubt you technically can sandbox vmware-vmx. The only applications I've seen sandboxed after a quick search are user level applications.

The GUI (VMware Fusion.app) runs as a user and you can probably sandbox that part. But that won't help with your goal (at all).

The vmware-vmx processes not only run as the root user, but also have dependencies on things like their own kernel modules.

I somehow doubt that the sandbox can fence anything off there. The hypervisor runs at a very low level; heck, it can even do stuff like mask off CPU features.

How would that work within a sandbox?

I'm not exactly sure of your threat scenario, but you are correct that VMware Fusion is no Qubes OS. You could automate some part of the workflow if you want, but even then the outset that the Qubes OS team starts from is different. One thing you should probably look at is using non-persistent disks, so that when you turn off the VM everything is forgotten from the last run.

To get back to guest escapes, there haven't been many guest-to-host escapes in VMware Fusion. If my memory serves me well, then the only escapes found so far have involved features provided by VMware Tools. The only one I can remember right now is one involving the virtual printer feature.

That doesn't mean that there aren't other issues, but they are not known in the wild as far as I know at this moment.

Now guest-to-host escapes on Xen, which Qubes is based on, are a different story. Not saying that Xen is a bad product; the Qubes OS team had its reasons to use that as a base, but I've also read some rants from Joanna about Xen not taking security as seriously as she wants.

If your guest OS lives on the same network as other machines, then that particular threat scenario is different from anything else and, from a security standpoint, doesn't really differ from physical machines.

--

Wil

xahare
Enthusiast

The idea was to catch the process if it did manage to escape and tried to do anything, and then, hope to analyze it, or send the snapshot to someone who could. This is very unlikely to happen, but if it does, it would be good to know about it. At least these tools can work when you check.

By non-persistent, did you mean a linked clone?

wila
Immortal

Hi,

No, I wasn't talking about linked clones.

I meant this:

http://www.vspecialist.co.uk/non-persistent-disks-with-vms/

VMware vSphere and VMware Workstation offer this option in the GUI.

VMware Fusion does not, so the only way to use that option is by hand-editing the vmx file (which is considered advanced use).

An example on that is here:

http://sanbarrow.com/vmx/vmx-ide.html

Finally I think it would be fair to include this note as well:

vSphere 6.0 Avoid using nonpersistent disks

--

Wil

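An added example of the hand edit Wil describes, not code from the thread or from VMware: a Python script that sets every .vmdk-backed disk in a vmx file to `independent-nonpersistent`, the vmx mode value under which the guest's writes are discarded at power-off. It assumes a standard flat `key = "value"` vmx and should be run against a copy of the file while the VM is powered off; the sample vmx at the bottom is constructed for the demonstration.

```python
import re

# A vmx file is flat  key = "value"  text. A virtual disk is any device whose
# fileName is a .vmdk; CD-ROM devices point at an .iso and are left alone.
DISK_RE = re.compile(r'^((?:ide|scsi|sata|nvme)\d+:\d+)\.fileName\s*=\s*"[^"]*\.vmdk"\s*$')
KV_RE = re.compile(r'^([^=\s]+)\s*=\s*"([^"]*)"\s*$')
NONPERSISTENT = "independent-nonpersistent"  # writes are discarded at power-off


def disk_modes(vmx_text: str) -> dict:
    """Map each .vmdk-backed device to its mode ("persistent" when unset)."""
    lines = vmx_text.splitlines()
    modes = {m.group(1): "persistent" for l in lines if (m := DISK_RE.match(l))}
    for l in lines:
        kv = KV_RE.match(l)
        if kv and kv.group(1).endswith(".mode") and kv.group(1)[:-5] in modes:
            modes[kv.group(1)[:-5]] = kv.group(2)
    return modes


def set_nonpersistent(vmx_text: str) -> str:
    """Force every virtual disk to independent-nonpersistent; running it twice is a no-op."""
    lines = vmx_text.splitlines()
    modes = disk_modes(vmx_text)
    # Devices that already carry a <dev>.mode line: rewrite those in place.
    has_mode = {kv.group(1)[:-5] for l in lines
                if (kv := KV_RE.match(l)) and kv.group(1).endswith(".mode")}
    out = []
    for l in lines:
        kv = KV_RE.match(l)
        if kv and kv.group(1).endswith(".mode") and kv.group(1)[:-5] in modes:
            l = f'{kv.group(1)} = "{NONPERSISTENT}"'
        out.append(l)
        m = DISK_RE.match(l)
        if m and m.group(1) not in has_mode:  # disk without a mode line: add one
            out.append(f'{m.group(1)}.mode = "{NONPERSISTENT}"')
    return "\n".join(out) + "\n"


# Constructed sample in the shape of a Fusion vmx; not taken from a real VM.
SAMPLE_VMX = """\
scsi0:0.present = "TRUE"
scsi0:0.fileName = "Virtual Disk.vmdk"
scsi0:0.mode = "persistent"
sata0:1.present = "TRUE"
sata0:1.fileName = "Data.vmdk"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "install.iso"
"""
```

Check the result with `disk_modes()` before powering the VM on; the vSphere note Wil links applies to the trade-offs of this mode, not to the edit itself.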