Linux as a Library: Unikernels are Coming


If you think about it, an operating system kernel is really just a very powerful shared library that offers services to many programs. Of course, it is a very powerful library, but still — its main purpose is to provide services to programs. Your program probably doesn’t use all of the myriad services the kernel provides. Even a typical system might not fully use all the things that are in a typical kernel. Red Hat has a new initiative to bring a technology called unikernels to the forefront. A unikernel is a single application linked with just enough of the kernel for it to execute. As you might expect, this can result in a smaller system and better security.

It can also lead to better performance. The unikernel doesn’t have to maintain devices and services that are not used. Also, the kernel and the application can run in the same privilege ring. That may seem like a security hole, but if you think about it, the only reason a regular kernel runs at a higher privilege is to protect itself from a malicious application modifying the kernel to do something bad to another application. In this case, there is no other application.

This isn’t a new idea. Embedded operating systems have long built the application in with the kernel. However, Red Hat wants to bring Linux and an open community into the unikernel landscape. The idea is that unlike other projects, this one will be based on a Linux that is actively developed and maintained. According to Red Hat, previous systems either didn’t use Linux or mutated Linux to the point that it no longer benefits from the Linux community’s development efforts.

Linux has wormed its way into many embedded systems and it is easy to see how a unikernel would be handy for that or for some network appliances. Of course, you could always use a classic RTOS. For some applications, you might even consider just a basic framework like Mongoose.

2 thoughts on “Linux as a Library: Unikernels are Coming”

    1. Needs not to be statically linked. If you are bringing the Linux kernel in, you could pretty well bring a dynamic linker/module loader in one form or another as well. It is not something usually done in a typical RTOS or embedded application, but there we are talking about tiny apps compared to the size of the Linux kernel.

      They could also provide a licensing exception similar to how the kernel handles the distinction between kernel and user space – ultimately it is all code and function/system calls, so Linus made it explicit that the kernel GPL doesn’t extend beyond the kernel API, regardless of how that API is invoked. If you aren’t using the kernel symbols, you aren’t covered by the kernel license. So something like packaging a kernel with an application where the two talk only via the system call API (as they would do in a normal system) would likely be fine.

      I am sure the Red Hat folks aren’t dumb and they do realize that GPL is a non-starter for this type of embedded code.
