A release of the project has been published, which lets you create operating systems for a single application, where the application is delivered as a self-contained "unikernel" that can run without an operating system, a separate OS kernel or any intermediate layers. The OCaml language is used to develop applications. The project code is distributed under the free ISC license.
All low-level functionality normally provided by the operating system is implemented as a library linked into the application. An application can be developed on any OS and then compiled into a specialized kernel (the concept) that can run directly on top of the Xen, KVM, BHyve and VMM (OpenBSD) hypervisors, on top of mobile platforms, as a process in a POSIX-compatible environment, or in the Amazon Elastic Compute Cloud and Google Compute Engine cloud environments.
The generated environment contains nothing superfluous and interacts directly with the hypervisor without drivers or system layers, which significantly reduces overhead and improves security. Working with MirageOS comes down to three stages: preparing the configuration by identifying what is used in the environment, building the environment, and launching the environment. The runtime for running on top of Xen is based on a stripped-down kernel, and for other hypervisors and kernel-based systems.
Although the applications and libraries are written in the high-level OCaml language, the resulting environments show quite good performance and a minimal size (for example, the DNS server takes only 200 KB). Maintaining the environments is also simplified: if a program needs to be updated or its configuration changed, it is enough to build and launch a new environment. Support is provided in the OCaml language for performing network operations (DNS, SSH, OpenFlow, HTTP, XMPP, etc.), working with storage, and parallel data processing.
The main changes in the new release concern support for new features provided in the toolkit (a sandbox environment for running unikernels):
- Added the ability to run MirageOS unikernels in the isolated environment ("sandboxed process tender") provided by the toolkit. With the spt backend, MirageOS kernels run in Linux user processes to which minimal isolation based on seccomp-BPF is applied;
- Support from the Solo5 project has been implemented that lets you define multiple network adapters and storage devices attached to an isolated unikernel based on the hvt, spt and muen backends (use of the genode and virtio backends is currently limited to a single device);
- The protection of the Solo5-based backends (hvt, spt) has been strengthened; for example, building in SSP (Stack Smashing Protection) mode is provided.
Source: opennet.ru
