Release of MirageOS 3.6, a platform for running applications on top of a hypervisor

Mirage OS 3.6 has been released. The project lets you build an operating system for a single application: the application is delivered as a self-contained "unikernel" that can run without an operating system, a separate OS kernel or any other layers. Applications are developed in the OCaml language. The project code is distributed under the free ISC license.

All the low-level functionality normally provided by an operating system is implemented as libraries linked into the application. The application can be developed on any OS and then compiled into a specialized kernel (the unikernel concept) that can run directly on the Xen, KVM, BHyve and VMM (OpenBSD) hypervisors, on mobile platforms, as a process in a POSIX-compliant environment, or in the Amazon Elastic Compute Cloud and Google Compute Engine cloud environments.

The generated environment contains nothing superfluous and interacts directly with the hypervisor, without drivers or system layers, which significantly reduces overhead and improves security. Working with MirageOS comes down to three stages: preparing the configuration and determining the OPAM packages used in the environment, building the environment, and launching the environment. The runtime on Xen is based on the stripped-down Mini-OS kernel, and for other hypervisors and systems on the Solo5 kernel.

Although applications and libraries are written in the high-level OCaml language, the resulting environments show good performance and a small size (for example, a DNS server takes only 200 KB). Maintaining the environments is also simpler: when a program needs to be updated or its configuration changed, it is enough to build and launch a new environment. A dozen OCaml libraries are supported for network operations (DNS, SSH, OpenFlow, HTTP, XMPP, etc.), for working with storage and for parallel data processing.

The main changes in the new release concern support for the new features provided by the Solo5 0.6.0 toolkit (a sandbox environment for running unikernels):

  • Added the ability to run MirageOS unikernels in the spt ("Sandboxed process tender") isolated environment provided by the Solo5 toolkit. With the spt backend, MirageOS kernels run in Linux user processes to which minimal isolation based on seccomp-BPF is applied;
  • Implemented support for application manifests from the Solo5 project, which let you define multiple network adapters and storage devices attached to an isolated unikernel based on the hvt, spt and muen backends (for the genode and virtio backends, use is currently limited to a single device);
  • The protection of the Solo5-based backends (hvt, spt) has been strengthened; for example, SSP (Stack Smashing Protection) mode has been enabled.

Source: opennet.ru
