
Is there a C++ unikernel implementation?

Why do people run unikernels inside VMs? I thought the overhead of VM+unikernels could be more than processes+OS?

Shouldn't unikernels be run on bare metal?

Good question. Unikernels need to be run inside VMs essentially because they use Xen for drivers. If you wanted to run a unikernel on bare metal, it would only run a single piece of hardware, or it would have to contain drivers for every piece of hardware out there like Linux, which would be impractical. It's also probably not very secure.

Xen has something called "dom0", which is the "domain" of the privileged management OS. It has the drivers for the ACTUAL hardware. dom0 in Xen must be Linux AFAIK, so you are using Linux drivers to communicate with paravirtualized guest OSes.

The guest OSes can be Windows, Linux, Solaris, etc. What paravirtualization means is that instead of communicating with real hardware like those OSes are meant to do, they are modified to communicate with a special, portable Xen interface. Xen abstracts away hardware for both guest OSes and unikernels.

NetBSD can be dom0 too.

Xen was originally implemented in NetBSD! NetBSD was the first dom0.

Excellent question. I don't believe there is a C++ implementation, but you should check out http://rumpkernel.org/.

VM+unikernel is definitely higher overhead than process+OS, but for many workloads using shared hosting (aka "the cloud") you're stuck with a VM. A unikernel is then the lightest-weight abstraction to put on your VM.

Rump kernel has a baremetal driver, and a userspace one. Mirage will probably get some non-Xen drivers too soon.

It can also give you the side benefit of reducing the cost of context switches, since you don't have to switch memory privilege levels as often when your drivers are running in user space.

OSv is mostly C++ http://osv.io

Most C++ RTOSs I'd call unikernels, just generally targeted to a custom board rather than a VM. But the targeting is a driver issue, not something intrinsic to the architecture.
