Hacker News
by 9dev 941 days ago
What is the benefit over using containers, as in Docker? Whether you use a container runtime or an actual hypervisor comes down to pretty much the same thing, operationally. Both keep your self-contained services alive and distributed. From the application perspective, a container also contains only those parts of an OS the app actually needs, and defers everything else to the host. The only caveat about MirageOS seems to be that your applications need to be written in OCaml, which is a neat language and all, but certainly not mainstream…
3 comments

At least for cloud deployments you'll (for almost all cases) already have a hypervisor underneath to provide strong isolation. With that in place, ideally you'd run your application (ultimately the only thing you care about) as close to that hypervisor as possible. Instead, we have hypervisor, and then inside the VM the (say Linux) kernel, user-space, the container runtime, and finally the application.

With a unikernel the stack becomes hypervisor and a VM that has a very thin layer and then the application -- as close to the application running on the hypervisor as possible. This results in lots of gains in terms of minimal cold boot times, memory usage, server density (thousands on a single server), etc.

In fact, you don't need to see containers and unikernels as an either-or choice: at Unikraft (another unikernel project), for development and local deployment we have support for Docker/Dockerfiles -- and then for deployment we provide a lean unikernel as described above.

Hope this clarifies things somewhat.

Docker Desktop uses Mirage OS under the hood: https://mirage.io/blog/2022-04-06.vpnkit
It makes no sense for a microservice that does one simple thing to run on top of 10 million lines of 90s C code. Especially since a lot of that code has to do with hardware quirks that don’t exist in a hypervised environment.
A hypervised environment also has 10 million lines of 90s C code with a lot of code dealing with hardware quirks, it is called the hypervisor.

You are right that it makes no sense to have a hypervisor, OS, and application. The hypervisor and OS are basically doing the same job. But the solution is not bare metal + hypervisor + device drivers + hypervisor services + library OS + application like a unikernel design. It is bare metal + OS + device drivers + OS services + application like a container design.