MirageOS 3.6 is now available, with various improvements for Solo5

Mirage OS

A few days ago, the launch of version 3.6 of the MirageOS project was announced. MirageOS is a library operating system that allows building single-application operating systems as a "unikernel": a self-contained image capable of running without an underlying operating system or a separate operating system kernel.

OCaml is used for application development. The project code is distributed under the free ISC license. The basic idea behind a unikernel is that it is a highly optimized, specially designed operating system that helps applications run and be delivered efficiently.

All the low-level functionality inherent in the operating system is implemented in the form of a library attached to the application.

The application can be developed on any operating system, after which it is compiled into a specialized kernel (the unikernel concept) that can be run directly on top of the Xen, KVM, BHyve and VMM (OpenBSD) hypervisors, on mobile platforms, as a process in a POSIX-compliant environment, or in the Amazon Elastic Compute Cloud and Google Compute Engine cloud environments.

The generated environment contains nothing superfluous and interacts directly with the hypervisor without drivers or intermediate system layers, which significantly reduces overhead and increases security.

Working with MirageOS comes down to three stages: prepare the configuration with the definition of the OPAM packages used in the environment, build the environment and start the environment.

The runtime for working on Xen is based on the Mini-OS thin kernel; for other hypervisors and systems it is based on the Solo5 kernel.

What's new in MirageOS 3.6?

The main changes in the new version are related to support for the new features introduced in Solo5 0.6.0. Solo5 originally started as a project to port MirageOS to run on the Linux/KVM hypervisor. Since then, it has become a more general sandbox runtime, suitable for running applications built using various unikernels and targeting different sandboxing technologies on various host operating systems and hypervisors.

Among the improvements, manifest support stands out: it allows you to define multiple network adapters and storage devices attached to a unikernel when isolating it with the hvt, spt and muen backends (the genode and virtio backends are limited to one device so far).

The release also adds support for enabling stack smashing protection across the toolchain by default, and improves page protection on some targets.

Another new feature that stands out in the announcement is the ability to run MirageOS unikernels in the isolated spt environment provided by Solo5. When using the spt backend, MirageOS unikernels run as Linux user processes with minimal isolation based on seccomp-BPF.

Protection of the Solo5-based backends (hvt, spt) has been strengthened; for example, compilation in SSP (Stack Smashing Protection) mode is provided.

How to get MirageOS?

Those interested in obtaining this new version of MirageOS can do so by following the instructions below.

The requirements for installing MirageOS are a UNIX system (Linux, Mac or BSD), OPAM 2.0.0 or later, and OCaml 4.05.0 or later.

If this is not the case, they can be installed by running one of the following commands in a terminal, depending on your distribution.

In the case of those who are users of Debian, Ubuntu or derivatives of these:

sudo apt-get update
sudo apt-get install opam

While for those who use Arch Linux, Manjaro or any other derivative of Arch:

sudo pacman -S opam

Fedora, RHEL, CentOS or any other derivative of these:

sudo dnf install opam

Finally, to install MirageOS:

opam init
opam install mirage

