A sandboxed execution environment for unikernels
Bug fixes:
New features:
Bug fixes:
New features:
Bug fixes:
HVT_HYPERCALL_POLL. On Linux hosts, if solo5_yield() was called with a deadline that has already passed and the unikernel was not using any network devices then the underlying hypercall would hang forever. Not known to affect any existing code in production. (#460)
Other notable changes:
Known issues:
Acknowledgements:
This release updates the Genode and Muen bindings, and fixes the following notable issues:
New features:
Apart from that, this release contains documentation updates and the "hvt" tender on the aarch64 architecture is now considered production-quality.
This release fixes further OPAM/MirageOS installation problems found by CI, and the following build problems:
No functional changes.
This release fixes OPAM/MirageOS installation problems found by CI. No functional changes.
Additionally, the following entry was missed from the changes for 0.6.0:
This is a major feature release which introduces the concept of an "application manifest", which enables support for multiple network and block devices.
This release removes the compile-time specialization of the "hvt" tender. While this was a nice experiment, it is not practical for real-world deployment scenarios where it is expected that the party supplying the tender (i.e. the operator / user) will be different to the party supplying the unikernel (i.e. the developer).
Due to these and other changes, both the public Solo5 APIs (as defined and documented in solo5.h) and internal tenders/bindings ABI have changed. Likewise, the build process for Solo5-based unikernels has changed, and downstream projects will need to be updated.
Please refer to the following list of changes and the Solo5 documentation in docs/ for details.
New features:
Security improvements:
Other changes:
solo5_set_tls_base() API has been added to give language runtimes that wish to manipulate the architecture-specific TLS base register an interface for it.
_Static_assert().
Known issues:
Acknowledgements:
Thanks to the following new contributors to this release:
And finally, a special thank you to C For C's Sake (@cfcs) for extensive code review.
This release introduces experimental support for the Genode Operating System Framework as a target for Solo5-based unikernels, and basic support for dropping "root" privileges in the "hvt" tender on FreeBSD and OpenBSD.
Other changes:
Acknowledgements:
Thanks to the following new contributors to this release:
This release is a major restructuring and renaming of Solo5 components, primarily to reflect that the "ukvm monitor" is no longer specific to the KVM hypervisor and to allow for future development of further targets and tenders enabling different sandboxing technologies.
Major changes:
kernel/X: Moved to bindings/X, now referred to as the "Solo5 bindings for X". Build products are now named bindings/X/solo5_X.o.
kernel/solo5.h: Moved to include/solo5/solo5.h.
tenders/hvt/.
ukvm-configure: Now named solo5-hvt-configure.
ukvm-bin: Now named solo5-hvt.
ukvm/ukvm_guest.h: Renamed to include/solo5/hvt_abi.h.
ukvm%d to solo5-%d, with %d being the PID of the solo5-hvt tender.
core.ukvm.%d to core.solo5-hvt.%d.
solo5-run-virtio and solo5-mkimage: Renamed to solo5-virtio-run and solo5-virtio-mkimage respectively.
solo5-kernel-X to solo5-bindings-X, accounting for the change from ukvm to hvt. Full details of the impact of this change on existing Mirage/Solo5 installations will be provided separately as part of a MirageOS release.
For further details please refer to the discussion and commits merged as part of #274.
Other changes: