Linux as a Library: Unikernels are Coming

If you think about it, an operating system kernel is really just a very powerful shared library that offers services to many programs. Of course, it is a very powerful library, but still — its main purpose is to provide services to programs. Your program probably doesn’t use all of the myriad services the kernel provides. Even a typical system might not fully use all the things that are in a typical kernel. Red Hat has a new initiative to bring a technology called unikernels to the forefront. A unikernel is a single application linked with just enough of the kernel for it to execute. As you might expect, this can result in a smaller system and better security.

It can also lead to better performance. The unikernel doesn’t have to maintain devices and services that are not used. Also, the kernel and the application can run in the same privilege ring. That may seem like a security hole, but if you think about it, the only reason a regular kernel runs at a higher privilege is to protect itself from a malicious application modifying the kernel to do something bad to another application. In this case, there is no other application.

This isn’t a new idea. Embedded operating systems have long built the application in with the kernel. However, Red Hat wants to bring Linux and open community into the unikernel landscape. The idea is that unlike other projects, this one will be based on Linux that is actively developed and maintained. According to Red Hat, previous systems either didn’t use Linux or mutated Linux to the point that it no longer benefits from the Linux community’s development efforts.

Linux has wormed its way into many embedded systems and it is easy to see how a unikernel would be handy for that or for some network appliances. Of course, you could always use aclassic RTOS. For some applications, you might even consider just a basic framework like Mongoose .