Unikernel specializes a minimalistic LibOS and a target application into a standalone single-purpose virtual machine (VM) running on a hypervisor, which is referred to as (virtual) appliance . Compared to traditional VMs, Unikernel appliances have smaller memory footprint and lower overhead while guaranteeing the same level of isolation. On the downside, Unikernel strips off the process abstraction from its monolithic appliance and thus sacrifices flexibility, efficiency, and applicability. In this article, we examine whether there is a balance embracing the best of both Unikernel appliances (strong isolation) and processes (high flexibility/efficiency). We present KylinX, a dynamic library operating system for simplified and efficient cloud virtualization by providing the pVM (process-like VM) abstraction. A pVM takes the hypervisor as an OS and the Unikernel appliance as a process allowing both page-level and library-level dynamic mapping. At the page level, KylinX supports pVM fork plus a set of API for inter-pVM communication (IpC, which is compatible with conventional UNIX IPC). At the library level, KylinX supports shared libraries to be linked to a Unikernel appliance at runtime. KylinX enforces mapping restrictions against potential threats. We implement a prototype of KylinX by modifying MiniOS and Xen tools. Extensive experimental results show that KylinX achieves similar performance both in micro benchmarks (fork, IpC, library update, etc.) and in applications (Redis, web server, and DNS server) compared to conventional processes, while retaining the strong isolation benefit of VMs/Unikernels.

中文翻译：

---

麒麟X

Unikernel 将一个极简的 LibOS 和一个目标应用程序专门化为一个独立的单用途虚拟机 (VM)，运行在一个 hypervisor 上，称为 (virtual)器具. 与传统 VM 相比，Unikernel 设备具有更小的内存占用和更低的开销，同时保证了相同级别的隔离。不利的一面是，Unikernel 剥离了过程从其整体应用中抽象出来，从而牺牲了灵活性、效率和适用性。在本文中，我们检查了是否存在一个平衡，包括最好的 Unikernel 设备（强隔离）和流程（高灵活性/效率）。我们介绍了 KylinX，这是一个动态库操作系统，通过提供 pVM（类似进程的 VM）抽象来简化和高效的云虚拟化。pVM 将管理程序作为操作系统，将 Unikernel 设备作为允许页面级和库级动态映射的进程。在页面层面，KylinX 支持 pVM fork 以及一组用于 pVM 间通信的 API（IpC，与传统的 UNIX IPC 兼容）。在库级别，KylinX 支持在运行时将共享库链接到 Unikernel 设备。KylinX 对潜在威胁实施映射限制。我们通过修改 MiniOS 和 Xen 工具实现了 KylinX 的原型。大量的实验结果表明，与传统进程相比，KylinX 在微基准测试（fork、IpC、库更新等）和应用程序（Redis、Web 服务器和 DNS 服务器）中实现了相似的性能，同时保留了 VM 的强大隔离优势/Unikernels。