qubes-mirage-firewall
unikraft
qubes-mirage-firewall | unikraft | |
---|---|---|
5 | 2 | |
201 | 18 | |
0.0% | - | |
7.2 | 2.4 | |
11 days ago | 11 months ago | |
OCaml | C | |
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
qubes-mirage-firewall
-
Is running OpenBSD inside a QUBE as a router/firewall an interesting and good idea?
2) https://github.com/mirage/qubes-mirage-firewall is by far a better firewall for Qubes than OpenBSD ever will be - unikernels are far more secure than a traditional operating system is and you can read all about it on https://mirageos.org/
-
the maddening truth of using Qubes
That's correct. It does mean that the closest to a self-contained program you can run is a unikernel like the mirage-firewall, unfortunately. On the upside, those remain easily portable to essentially anything that can run VMs so long as you adjust the image format.
-
I had to relocate CHUNGUS because of the old warehouse I operate it is being torn down.
That sounds similar to a unikernel. There are actual uses for those in seL4 and Qubes OS such as a firewall-qube (in theory unikernel qubes should be able to take far less system resources to run than full Linux+distro qubes).
-
Ask HN: Examples of Microkernels?
Here's one that is "production" ready: the Mirage-Firewall microkernel running on Qubes OS.[0]
[0] : https://github.com/mirage/qubes-mirage-firewall
-
Qubes OS: A reasonably secure operating system
sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.
unikraft
-
Ask HN: Examples of Microkernels?
It seemed to be in a similar space to Genode when I had a brief look. Is it clear how it compares?
A system that claims to allow you to configure it in microkernel and other modes might be interesting for comparison of the approaches, but I've only noticed it via a local connexion: https://project-flexos.github.io/
-
Unikraft is a fast, secure and open-source Unikernel Development Kit
Thanks for the feedback, we're in the process of adding a security section[0] which will detail more on the on-goings, but we'll work on adding more highlights on the main page.
I need to highlight we have separate research[1][2] which will make its way upstream soon which aims to provide hardening between internal libraries (e.g. isolating the network stack or scheduler) using gates like Intel MPK or separate hardware-accelerated services.
[0]: https://github.com/unikraft/docs/pull/32
[1]: https://project-flexos.github.io/
[2]: https://github.com/project-flexos/unikraft
What are some alternatives?
miragevpn - An opinionated implementation of the OpenVPN protocol
FreeRTOS-Kernel - FreeRTOS kernel files only, submoduled into https://github.com/FreeRTOS/FreeRTOS and various other repos.
qubes-issues - The Qubes OS Project issue tracker
nanos - A kernel designed to run one and only one application in a virtualized environment
unikernels - MirageOS unikernels
docs - The front page and documentation for the Unikraft Open-Source Project.
reason - Simple, fast & type safe code that leverages the JavaScript & OCaml ecosystems
app-click - Click Modular Router on Unikraft
lk - LK embedded kernel
click - The Click modular router: fast modular packet processing and analysis
prometheus - OCaml library for reporting metrics to a Prometheus server
app-llama2-c - Llama 2 Everywhere (L2E)