[candleknight]

Would unikernels be feasible for online judge platforms (e.g. codeforces, leetcode)? I was thinking something along the lines of: spawning a unikernel for each submission -> running a single file program -> streaming the output back to a server, all in <3s and potentially with multiple submissions running in parallel. I'm fairly new to this, so I'm not sure if that would be overkill.

[j16sdiz]

Yes, it would be overkill.

Online judge platform do a very small subset of problem. You can sandbox it to no network or filesystem accesses, and no syscalls except the few like read/write/select.

[fulafel]

Yes, if your goal is to use unikernels. But if your goal is to pick the best solution for this application, there isn't an obvious advantage for unikernels.

[thethimble]

Why wouldn’t you use a standard container based approach like Docker?

[candleknight]

The last time I tried, it was pretty slow to fire up, especially when I tried to run multiple submissions at once. It's also even more overkill for my use case; I currently use isolate (https://github.com/ioi/isolate) which is just a wrapper around cgroups/namespaces, and it's been a lot faster.

Sidenote: I'm not really looking to replace it, I was just asking out of curiosity since this is my first time hearing of unikernels

[j16sdiz]

> I currently use isolate (https://github.com/ioi/isolate) which is just a wrapper around cgroups/namespaces, and it's been a lot faster.

Yes. This is the fastest you can get.

If you want safer, add pr_set_seccomp _in addition_ to it. but that would be a custom solution.