kuburitswa kweprojekiti , iyo inokubvumira kuti ugadzire mashandisirwo ekushanda kwechishandiso chimwe chete, umo kushandiswa kunowanikwa se "unikernel" yakazvimiririra inogona kuurayiwa pasina kushandiswa kwemaitiro ekushanda, imwe yakasiyana OS kernel uye chero zvidimbu. Mutauro weOCaml unoshandiswa kugadzira maapplication. Project code pasi perezinesi reISC remahara.
Yese iyo yakaderera-chikamu mashandiro eiyo sisitimu yekushandisa inoiswa muchimiro cheraibhurari inosungirirwa kune application. Iko kushandiswa kunogona kuvandudzwa mune chero OS, mushure mezvo inounganidzwa kuita yakasarudzika kernel (iyo pfungwa ), iyo inogona kumhanya yakananga pamusoro peXen, KVM, BHyve uye VMM (OpenBSD) hypervisors, pamusoro pemapuratifomu enhare, senzira muPOSIX-inoenderana nharaunda, kana muAmazon Elastic Compute Cloud uye Google Compute Engine cloud environments.
Iyo inogadzirwa nharaunda haina chero chinhu chakanyanya uye inodyidzana yakanangana ne hypervisor isina madhiraivha kana masisitimu masisitimu, ayo anobvumira kuderedzwa kwakanyanya mumutengo wepamusoro uye kuwedzera kuchengetedzeka. Kushanda neMirageOS kunodzika kusvika kumatanho matatu: kugadzirira iyo gadziriso nekuona iyo inoshandiswa munharaunda. , kuvaka nharaunda uye kutanga nharaunda. Runtime yekumhanya pamusoro peXen yakavakirwa pane yakabviswa-pasi kernel , uye kune mamwe hypervisors uye kernel-based system .
Kunyangwe ichokwadi chekuti maapplication nemaraibhurari anogadzirwa mumutauro wepamusoro-level OCaml, nharaunda dzinobuda dzinoratidza kuita kwakanaka uye saizi shoma (semuenzaniso, sevha yeDNS inotora 200 KB chete). Kugadziriswa kwenzvimbo zvakare zvakareruka, nekuti kana zvichidikanwa kugadzirisa chirongwa kana kushandura dhizaini, zvakakwana kugadzira uye kutanga nharaunda nyowani. Inotsigirwa mumutauro weOCaml kuita network mashandiro (DNS, SSH, OpenFlow, HTTP, XMPP, nezvimwewo), shanda nekuchengetedza uye kupa parallel data processing.
Shanduko huru mukuburitswa kutsva dzine chekuita nekupa rutsigiro rwezvinhu zvitsva zvinopihwa muchokushandisa (sandbox nharaunda yekumhanyisa unikernel):
- Yakawedzera kugona kumhanya unikernel MirageOS munzvimbo yakasarudzika ("sandboxed process tender") yakapihwa neturusi . Paunenge uchishandisa iyo spt backend, MirageOS kernels inomhanya muLinux mushandisi maitiro uko kushoma kuparadzaniswa kunoshandiswa zvichienderana ne seccomp-BPF;
- Tsigiro yaitwa kubva kuSolo5 purojekiti, iyo inokutendera kuti utsanangure akawanda madhiraivha etiweki uye zvigadziriso zvekuchengetedza zvakanamirwa kune unikernel mukuzvimiririra zvichibva pahvt, spt uye muen backends (kushandiswa kwegenode uye virtio backends ikozvino inogumira kune imwe mudziyo);
- Kudzivirirwa kwemashure kunobva kuSolo5 (hvt, spt) kwakasimbiswa, semuenzaniso, kuvaka muSSP (Stack Smashing Protection) mode yakapihwa.
Source: opennet.ru