qhov project tso tawm , uas tso cai rau koj los tsim cov kev khiav hauj lwm rau ib daim ntawv thov, nyob rau hauv uas daim ntawv thov raug xa raws li tus kheej muaj "unikernel" uas tuaj yeem ua tiav yam tsis muaj kev siv lub tshuab ua haujlwm, cais OS kernel thiab txhua txheej. Cov lus OCaml yog siv los tsim cov ntawv thov. Qhov project code raws li daim ntawv tso cai ISC dawb.
Tag nrho cov kev ua haujlwm qis uas muaj nyob rau hauv lub operating system yog siv nyob rau hauv daim ntawv ntawm lub tsev qiv ntawv uas txuas nrog rau daim ntawv thov. Daim ntawv thov tuaj yeem tsim nyob rau hauv ib qho OS, tom qab ntawd nws tau muab tso ua ke rau hauv cov ntsiav tshwj xeeb (lub tswvyim ), uas tuaj yeem khiav ncaj qha rau saum Xen, KVM, BHyve thiab VMM (OpenBSD) hypervisors, nyob rau sab saum toj ntawm mobile platforms, raws li cov txheej txheem hauv POSIX-raws li ib puag ncig, lossis hauv Amazon Elastic Compute Cloud thiab Google Compute Engine huab ib puag ncig.
Qhov chaw tsim khoom tsis muaj ib yam dab tsi superfluous thiab cuam tshuam ncaj qha nrog lub hypervisor yam tsis muaj cov tsav tsheb lossis cov txheej txheem txheej txheem, uas tso cai rau txo qis ntawm cov nqi siv nyiaj thiab kev nyab xeeb ntxiv. Ua hauj lwm nrog MirageOS los mus rau peb theem: npaj cov kev teeb tsa nrog kev txheeb xyuas cov uas siv hauv ib puag ncig , tsim kom muaj ib puag ncig thiab nthuav tawm ib puag ncig. Lub sij hawm khiav mus rau sab saum toj ntawm Xen yog raws li cov khoom siv stripped-down , thiab rau lwm yam hypervisors thiab kernel-based systems .
Txawm tias muaj tseeb tias cov ntawv thov thiab cov tsev qiv ntawv tau tsim nyob rau hauv qib siab OCaml cov lus, qhov tshwm sim ib puag ncig ua rau pom kev ua tau zoo thiab qhov loj me me (piv txwv li, DNS server siv tsuas yog 200 KB). Kev saib xyuas ntawm ib puag ncig kuj yooj yim, txij li yog tias nws tsim nyog los hloov kho qhov kev pab cuam lossis hloov qhov kev teeb tsa, nws txaus los tsim thiab tsim ib qho chaw tshiab. Txhawb nqa hauv OCaml hom lus los ua haujlwm hauv network (DNS, SSH, OpenFlow, HTTP, XMPP, thiab lwm yam), ua haujlwm nrog kev khaws cia thiab muab cov ntaub ntawv sib luag.
Cov kev hloov pauv tseem ceeb hauv qhov kev tso tawm tshiab yog cuam tshuam nrog kev txhawb nqa rau cov yam ntxwv tshiab muaj nyob hauv cov khoom siv (sandbox ib puag ncig rau khiav unikernel):
- Ntxiv lub peev xwm los khiav unikernel MirageOS nyob rau hauv ib qho chaw sib cais ("sandboxed process tender") muab los ntawm cov khoom siv . Thaum siv spt backend, MirageOS kernels khiav hauv Linux cov neeg siv cov txheej txheem uas qhov kev sib cais tsawg yog siv raws li seccomp-BPF;
- Kev them nyiaj yug tau siv los ntawm txoj haujlwm Solo5, uas tso cai rau koj los txhais ntau lub network adapters thiab cov khoom siv cia txuas nrog lub unikernel hauv kev sib cais raws li hvt, spt thiab muen backends (siv rau genode thiab virtio backends tam sim no txwv rau ib lub cuab yeej);
- Kev tiv thaiv ntawm backends raws li Solo5 (hvt, spt) tau ntxiv dag zog, piv txwv li, lub tsev hauv SSP (Stack Smashing Protection) hom tau muab.
Tau qhov twg los: opennet.ru