zCore
qubes-mirage-firewall
| zCore | qubes-mirage-firewall | |
|---|---|---|
| 2 | 5 | |
| 1,672 | 202 | |
| 1.0% | 0.5% | |
| 0.0 | 7.2 | |
| 29 days ago | 5 days ago | |
| Rust | OCaml | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
zCore
qubes-mirage-firewall
-
Is running OpenBSD inside a QUBE as a router/firewall an interesting and good idea?
2) https://github.com/mirage/qubes-mirage-firewall is by far a better firewall for Qubes than OpenBSD ever will be - unikernels are far more secure than a traditional operating system is and you can read all about it on https://mirageos.org/
-
the maddening truth of using Qubes
That's correct. It does mean that the closest to a self-contained program you can run is a unikernel like the mirage-firewall, unfortunately. On the upside, those remain easily portable to essentially anything that can run VMs so long as you adjust the image format.
-
I had to relocate CHUNGUS because of the old warehouse I operate it is being torn down.
That sounds similar to a unikernel. There are actual uses for those in seL4 and Qubes OS such as a firewall-qube (in theory unikernel qubes should be able to take far less system resources to run than full Linux+distro qubes).
-
Ask HN: Examples of Microkernels?
Here's one that is "production" ready: the Mirage-Firewall microkernel running on Qubes OS.[0]
[0] : https://github.com/mirage/qubes-mirage-firewall
-
Qubes OS: A reasonably secure operating system
sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.
What are some alternatives?
redox - Mirror of https://gitlab.redox-os.org/redox-os/redox
miragevpn - An opinionated implementation of the OpenVPN protocol
FreeRTOS-Kernel - FreeRTOS kernel files only, submoduled into https://github.com/FreeRTOS/FreeRTOS and various other repos.
qubes-issues - The Qubes OS Project issue tracker
lk - LK embedded kernel
unikraft - FlexOS is a Unikraft-based OS allowing users to easily specialize the safety and isolation strategy at compilation time.
datatype99 - Algebraic data types for C99
unikernels - MirageOS unikernels
darwin-xnu - Legacy mirror of Darwin Kernel. Replaced by https://github.com/apple-oss-distributions/xnu
reason - Simple, fast & type safe code that leverages the JavaScript & OCaml ecosystems
composite - A component-based OS