Applying the unikernel concept to more applications
Applying the unikernel concept to more applications
Posted Sep 1, 2014 23:37 UTC (Mon) by dmarti (subscriber, #11625)In reply to: Applying the unikernel concept to more applications by ibukanov
Parent article: Containers vs Hypervisors: The Battle Has Just Begun (Linux.com)
OSv will use some libraries built for a Linux host (such as libevent in the HTTP server example above) so you may not have to do a separate build just for your OSv systems, and simply use the library from your Linux environment of choice.
I don't know if it's meaningful to say that OSv isolation level is similar to that of NaCl. Both of them definitely have the goal of strict isolation, but they approach it in totally different ways: NaCl by forcing you to use a safe subset of valid x86_64 code, and OSv by using the hypervisor/guest kernel barrier.
Posted Sep 2, 2014 5:45 UTC (Tue)
by ibukanov (subscriber, #3942)
[Link] (1 responses)
However, this situation is still much better than a typical setup for Linux containers where a bug in a big and fat Linux kernel allows to take the whole system. And I suppose OSv can archive the same if not better performance than container solutions.
What is interesting about NaCl is that it provides the same level of isolation as one gets using memory protection under normal OS with much cheaper system calls. They are still more expensive than function calls, but the performance toll should be small enough not to worry about it. So it would be interesting to port NaCL to OSv to get both performance of a lightweight VM and isolation one gets using using a memory-protected kernel for system services.
Posted Sep 5, 2014 9:35 UTC (Fri)
by justincormack (subscriber, #70439)
[Link]
Applying the unikernel concept to more applications
Applying the unikernel concept to more applications