| 1 |
Hello, |
| 2 |
|
| 3 |
http://unikernel.org/blog/2017/unikernels-are-secure |
| 4 |
|
| 5 |
https://wiki.xenproject.org/wiki/Unikernels |
| 6 |
|
| 7 |
Has anyone built a unikernel-image, from gentoo as the seed OS? |
| 8 |
I have no interests for commercial or vendor-constrained approaches to |
| 9 |
unikernels. But, to me, unikernels offer a nice and compatible pathway |
| 10 |
for many in the gentoo community. I have a looser focus on Unikernel |
| 11 |
that may of the Xen and unikernel purist. |
| 12 |
|
| 13 |
Unikernels may be of interests to those interest in bubble-tight |
| 14 |
security, performance, minimization, clusters, vm, containers |
| 15 |
or just running on less expensive or older hardware, depending |
| 16 |
on what codes you include. My goals are hundreds of images that run on a |
| 17 |
variety of low power resources, but mostly focused on 64 bit processors, |
| 18 |
DSP or many forms of resource intensive system. The super-fast boot |
| 19 |
semantic so lots of boards can brought up or shutdown, as desire |
| 20 |
has me evaluation a variety of traditional as well as minimal boot |
| 21 |
strapping codes as the kernel-seed that ties into the always on ether |
| 22 |
(ipmi, coreboot, misc-firmware, efi etc etc). |
| 23 |
|
| 24 |
Is there anyone using a gentoo centric approach to rolling |
| 25 |
(gentoo) unikernels? Ultimately once a workstation (cross)tool-chain |
| 26 |
is establish, with flexibility, it may not an issue to maintain |
| 27 |
dozens of images depending on hardware diversification. amd6 and arm64 |
| 28 |
are my current evaluation/testing architects. |
| 29 |
|
| 30 |
|
| 31 |
There are (2) approaches that are most common from my work and |
| 32 |
research:: |
| 33 |
|
| 34 |
1. No software can be added, only data so the frameworks (software |
| 35 |
stacks) have to be preconceived and included in the image. This |
| 36 |
approach would eventually require one to develop dozens or hundreds of |
| 37 |
fully-self-contained images. But with full boot in the order of a few |
| 38 |
seconds, it might be a wonderful approach to managing resources securely. |
| 39 |
|
| 40 |
|
| 41 |
dev-util/catalyst maybe useful for generating this sorts |
| 42 |
of unikernel images. Surely a stage-4 approach is viable. |
| 43 |
|
| 44 |
|
| 45 |
2. Flexible so you can add codes, modify frameworks and software stacks, |
| 46 |
without rebuilding everything into the boot image. This is ideal, but |
| 47 |
may open up more attack surfaces. This would be more similar to |
| 48 |
embedded-gentoo or minimized gentoo system. I have little experience |
| 49 |
with this approach. |
| 50 |
|
| 51 |
|
| 52 |
Another wonderful benefit for Unikernels, is HPC and other linux |
| 53 |
clusters; just simple fly as Unikernels leave more processor/memory |
| 54 |
available for tasks. Alpine/docker is dominating this space for now, but |
| 55 |
it's a natural pathway for gentooers to follow, imho. |
| 56 |
|
| 57 |
So if you run into github, webpages or other relevant resources, please |
| 58 |
drop me a line, or post to this thread. |
| 59 |
|
| 60 |
|
| 61 |
TIA, |
| 62 |
James |
Archives