tokollo ea morero , e leng se u lumellang hore u thehe mekhoa ea ho sebetsa ea kopo e le 'ngoe, eo ho eona kopo e fanoang e le "unikernel" e ikemetseng e khonang ho sebetsa ntle le tšebeliso ea lisebelisoa tsa ts'ebetso, kernel e fapaneng ea OS, le lihlopha leha e le life. Puo ea ntlafatso ea kopo ke OCaml. Khoutu ea morero tlas'a laesense ea mahala ea ISC.
Ts'ebetso eohle ea boemo bo tlase ea sistimi ea ts'ebetso e kengoa ts'ebetsong joalo ka laebrari e hoketsoeng ts'ebelisong. Kopo e ka ntlafatsoa ho OS efe kapa efe, ka mor'a moo e bokelloa hore e be kernel e khethehileng (khopolo ) e ka tsamaisang ka ho toba ka holim'a Xen, KVM, BHyve, le VMM (OpenBSD) hypervisors, li-platform tsa mobile, e le ts'ebetso sebakeng se lumellanang le POSIX, kapa ho Amazon Elastic Compute Cloud le Google Compute Engine cloud environments.
Tikoloho e hlahisitsoeng ha e na letho le sa hlokahaleng ebile e sebelisana ka ho toba le hypervisor ntle le bakhanni le likarolo tsa tsamaiso, e leng se lumellang ho finyella ho fokotseha ho hoholo ha litšenyehelo tse holimo le ho eketsa tšireletso. Ho sebetsa le MirageOS ho theohela methating e meraro: ho lokisa tlhophiso ka ho tseba hore na ke life tse sebelisoang tikolohong. , ho haha tikoloho, le ho qala tikoloho. Nako ea ho matha ka holim'a Xen e ipapisitse le kernel e hlobotsoeng , le bakeng sa li-hypervisors tse ling le litsamaiso tse thehiloeng ho kernel .
Leha taba ea hore lits'ebetso le lilaebrari li thehiloe ka puo ea boemo bo holimo ea OCaml, maemo a teng a bonts'a ts'ebetso e ntle le boholo bo fokolang (mohlala, seva sa DNS se nka 200 KB feela). Tlhokomelo ea tikoloho e boetse e nolofalitsoe, kaha haeba u hloka ho ntlafatsa lenaneo kapa ho fetola tlhophiso, ho lekane ho theha le ho tsamaisa tikoloho e ncha. E tšehelitsoe ka puo ea OCaml ho etsa ts'ebetso ea marang-rang (DNS, SSH, OpenFlow, HTTP, XMPP, joalo-joalo), sebetsa ka polokelo le ho fana ka ts'ebetso ea data e tšoanang.
Liphetoho tse kholo tokollong e ncha li amana le ho fana ka ts'ehetso bakeng sa likarolo tse ncha tse hlahisitsoeng ka har'a sesebelisoa sa lisebelisoa (tikoloho ea sandbox bakeng sa ho tsamaisa unikernel):
- E ekelitse bokhoni ba ho tsamaisa unikernel MirageOS sebakeng se ka thoko ("sandboxed process tender") e fanoe ke sephutheloana sa lisebelisoa . Ha u sebelisa spt backend, li-kernels tsa MirageOS li sebetsa lits'ebetsong tsa basebelisi ba Linux, tse tlas'a ho itšehla thajana ho latela seccomp-BPF;
- Tšehetso e kentsoeng ho tloha morerong oa Solo5, o u lumellang hore u hlalose li-adapter tse ngata tsa marang-rang le lisebelisoa tsa polokelo tse khomaretsoeng ho unikernel ka thōko ho latela hvt, spt le muen backends (tšebeliso ea genode le virtio backends hajoale e lekanyelitsoe ho sesebelisoa se le seng);
- Tšireletso e matlafalitsoeng ea li-backends tse thehiloeng ho Solo5 (hvt, spt), ka mohlala, kopano ka mokhoa oa SSP (Stack Smashing Protection) e fanoa.
Source: opennet.ru