Hello,

http://unikernel.org/blog/2017/unikernels-are-secure
https://wiki.xenproject.org/wiki/Unikernels

Has anyone built a unikernel image from gentoo as the seed OS? I have no interest in commercial or vendor-constrained approaches to unikernels. But, to me, unikernels offer a nice and compatible pathway for many in the gentoo community. I have a looser focus on unikernels than many of the Xen and unikernel purists. Unikernels may be of interest to those interested in bubble-tight security, performance, minimization, clusters, vm, containers or just running on less expensive or older hardware, depending on what codes you include.

My goals are hundreds of images that run on a variety of low power resources, but mostly focused on 64 bit processors, DSP or many forms of resource intensive systems. The super-fast boot semantic, so lots of boards can be brought up or shut down as desired, has me evaluating a variety of traditional as well as minimal bootstrapping codes as the kernel-seed that ties into the always-on ether (ipmi, coreboot, misc-firmware, efi, etc.).

Is there anyone using a gentoo centric approach to rolling (gentoo) unikernels? Ultimately, once a workstation (cross)tool-chain is established, with flexibility, it may not be an issue to maintain dozens of images depending on hardware diversification. amd64 and arm64 are my current evaluation/testing architectures.

There are (2) approaches that are most common from my work and research:

1. No software can be added, only data, so the frameworks (software stacks) have to be preconceived and included in the image. This approach would eventually require one to develop dozens or hundreds of fully-self-contained images. But with full boot in the order of a few seconds, it might be a wonderful approach to managing resources securely. dev-util/catalyst may be useful for generating these sorts of unikernel images. Surely a stage-4 approach is viable.

2. Flexible, so you can add codes, modify frameworks and software stacks, without rebuilding everything into the boot image. This is ideal, but may open up more attack surfaces. This would be more similar to embedded-gentoo or a minimized gentoo system. I have little experience with this approach.

Another wonderful benefit of unikernels is HPC and other linux clusters; they just simply fly, as unikernels leave more processor/memory available for tasks. Alpine/docker is dominating this space for now, but it's a natural pathway for gentooers to follow, imho.

So if you run into github, webpages or other relevant resources, please drop me a line, or post to this thread.

TIA,
James