Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
spacecadet404 17 hours ago

What's the use case for this rather than containers? Separation from the hypervisor kernel?

Imustaskforhelp 17 hours ago | parent | next [-]

Containers (docker/podman) are still not as secure as virtualization (qemu,kvm,proxmox)

Plus these might be smaller and might run faster than containers too.

throwaway894345 15 hours ago | parent | next [-]

Smaller than containers seems unlikely since a container doesn't have any kernel at all, while these microvms have to reproduce at least the amount of kernel they would otherwise need (e.g., a networking stack). I'm sure some will be inclined to compare an optimized microvm to an application binary slapped into an Ubuntu container image, but that's obviously apples/oranges.

Faster might be possible without the context switching between kernel and app? And maybe additional opportunities for the compiler to optimize the entire thing (e.g., LTO)?

justatdotin 3 hours ago | parent [-]

container can be smaller at rest, but larger at runtime

if you're not sure which you want its probably container

m00dy 16 hours ago | parent | prev [-]

yeah it's a fairy tale.

justatdotin 3 hours ago | parent | prev | next [-]

anywhere you want hard isolation and only a subset of OS. especially multiple instances thereof.

so, generally at the edge (gateways, shims, protocol boundaries)

eru 17 hours ago | parent | prev | next [-]

It can be much faster, and much smaller surface area for attacks than using a full Linux kernel.

ahepp 16 hours ago | parent | prev | next [-]

Presumably to avoid the cost of context switches or copying between kernel/user address spaces? Looks to be the opposite of userspace networking like DPDK: kernel space application programming.

ignoramous 15 hours ago | parent | prev [-]

> Separation from the hypervisor kernel?

Not really. Separation from (type 1) hypervisor (or rather distrust of the host [0]) requires hardware support; ex: ARM CCA / AMD SEV-SNP / Intel TDX.

For separation from the supervisor, Android developed a peculiar approach in "pKVM" for ARM where the host (supervisor) is partitioned away from the guest [1].

Both those "separations" is not something Toro provides on its own; the Toro unikernel would totally be under the control of the host, from what I can tell. That said, what Toro (or any unikernel, really) does is reduce the attack surface area, as the (guest) supervisor is pruned to run just one particular application (more code to partition things up will eliminate a class of attacks but may result in new attack vectors [2]).

[0] ex: https://news.ycombinator.com/item?id=44678249

[1] Protected KVM on Arm64: A Technical Deep Dive - Quentin Perret, Google https://www.youtube.com/watch?v=9npebeVFbFw (2023)

[2] Mitigations are attack surface, too https://projectzero.google/2020/02/mitigations-are-attack-su... (2020)