Comparison between a stack of a program running on a traditional OS and a unikernel compiled with MirageOS
An example of a library operating system is Rump, which is based on NetBSD and allows you to compile POSIX software into a unikernel without having to modify it. Rump can generate unikernels built specifically to run on Xen, or it can generate generic unikernels that are executable on any virtualization system.
Example unikernels, such as one for PHP, can be found here.
Why are unikernels so important?
Unikernels are a lightweight alternative to Linux containers for running microservices in the cloud. In addition, unikernels have a smaller attack surface than Linux containers. Lightness and security are important concepts for those offering cloud services: thanks to the lightness and isolation of unikernels, it is possible to easily move services between different hosts. Docker, attentive to these problems, has introduced the management of lightweight VMs in which the unikernel runs.
On the other hand, the drive to make containers lighter is very strong among developers, including the aforementioned Docker team, which has found a way to make containers even lighter [3].
We will see which of the various proposed solutions prevails.
Qubes-OS
Unikernels can also be used to implement “secure” applications in operating systems, such as Qubes-OS, that base their security on process/service isolation through virtual machines. For example, a stand-alone firewall has been implemented with MirageOS (a library OS that uses OCaml).
These library operating systems can also be used to create real sandboxes in which to carry out the most disparate tests in complete safety.
So I just have to tell you: have fun with unikernels!