Yonke imisebenzi yezinga eliphansi yomdabu kusistimu yokusebenza isetshenziswa njengelabhulali enamathiselwe kuhlelo lokusebenza. Uhlelo lokusebenza lungathuthukiswa kunoma iyiphi i-OS, ngemuva kwalokho luhlanganiswe lube yi-kernel ekhethekile (umqondo
Imvelo ekhiqiziwe ayiqukethe lutho olungadingekile futhi isebenzisana ngokuqondile ne-hypervisor ngaphandle kwezishayeli nezendlalelo zesistimu, okuvumela ukufeza ukuncipha okuphawulekayo kwezindleko eziphezulu nokwandisa ukuphepha. Ukusebenza ne-MirageOS kwehlela ezigabeni ezintathu: ukulungisa ukucushwa nokunquma ukuthi yiziphi ezisetshenziswa endaweni ezungezile.
Naphezu kweqiniso lokuthi izinhlelo zokusebenza nemitapo yolwazi kwakhiwa ngolimi lwezinga eliphezulu i-OCaml, izindawo eziwumphumela zibonisa ukusebenza okuhle ngokufanele kanye nosayizi omncane (isibonelo, iseva ye-DNS ithatha kuphela u-200 KB). Ukugcinwa kwezindawo nakho kwenziwa lula, ngoba uma udinga ukubuyekeza uhlelo noma ushintshe ukucushwa, kwanele ukudala nokusebenzisa indawo entsha. Isekelwe
Izinguquko eziyinhloko ekukhishweni okusha zihlobene nokuhlinzeka ngosekelo lwezici ezintsha ezihlongozwayo kukhithi yamathuluzi
- Kwengezwe amandla okusebenzisa i-MirageOS ye-unikernel endaweni engayodwa
spt ("ithenda yenqubo ye-sandboxed") inikezwe yikhithi yamathuluziSolo5 . Uma usebenzisa i-spt backend, izinhlamvu ze-MirageOS zisebenza ezinqubweni zabasebenzisi be-Linux, ezingaphansi kokuhlukaniswa okuncane okusekelwe ku-seccomp-BPF; - Ukwesekwa okusetshenzisiwe
I-manifest yohlelo lokusebenza kusukela kuphrojekthi ye-Solo5, ekuvumela ukuthi uchaze ama-adaptha enethiwekhi amaningi kanye namadivayisi okugcina anamathiselwe ku-unikernel ngokuhlukaniswa ngokusekelwe ku-hvt, spt kanye ne-muen backends (ukusetshenziswa kwe-genode kanye ne-virtio backends okwamanje kukhawulelwe kudivayisi eyodwa); - Ukuvikelwa okuqinisiwe kwama-backends okusekelwe ku-Solo5 (hvt, spt), isibonelo, ukuhlanganisa ngemodi ye-SSP (I-Stack Smashing Protection) inikezwa.
Source: opennet.ru