1. 13

  2. 3

    I guess that’s an important step to an actual “containerization” offered by Docker. I’ve never given too much attention to Unikernels, but now it’s getting pretty interesting. Projects like Tor, Qubes OS and even Mirage OS could take many different advantages that Docker gives, and I would like to see how ARM-based SoCs will explore that kind of “virtualization”.

    1. 2

      I understand Unikernels in the context of VMs, but what are they in the context of a container? Isn’t a container just running a process in some more secure context? What do Unikernels offer containers?

      1. 11

        Full circle. Containers are like VMs without kernels. Now we are putting kernels into containers.

        VM - kernel + kernel = bold new vision for the future.

        1. 1

          A unikernel isn’t like the kernel in a VM - it’s not separate from the process.

        2. 1

          Much smaller interface (and therefore attack surface) between the inside and the outside, but without the overhead of that interface being the x86 interface. I think the distinction between VM and container largely goes away (e.g. if you’re running Xen then you’re still running a full OS in dom0, so it’s largely equivalent to containerization), but that’s fine.

          1. 1

            If I understand this post correctly http://unikernel.org/blog/2015/unikernels-meet-docker/ it sounds like you can now use Docker to build applications composed of containers running a conventional OS, Rumprun unikernels or language specific unikernels like Mirage.