Mirage – A programming framework for building type-safe, modular systems

I&#x27;m really sold on the idea: Instead of a full-blown OS, you compile your application with a thin layer of support libraries that provide the OS features that your application needs (network, I&#x2F;O) and that talks to a hypervisor.<p>I mean, if your application runs in a virtualized environment, there&#x27;s little need to SSH into the system in the first place (except for debugging purposes). Thus, why bother with a full-blown operating system? In the virtualized case, the true OS logic is in the host OS anyway, talking to the hardware. Cutting out all those superfluous layers in the app VM makes it small, start quickly, and gives less attack surface. Sounds like a win-win to me.<p>In contrast, FreeBSD on Firecracker is a full-blown OS, but boots in 25 milliseconds on the Firecracker hypervisor.

I&#x27;m intrigued but your site gives me little to go on, I feel like I&#x27;m missing a big &quot;what this is&quot; page

What is the benefit over using containers, as in Docker? Whether you use a container runtime or an actual hypervisor comes down to pretty much the same thing, operationally. Both keep your self-contained services alive and distributed. From the application perspective, a container also contains only those parts of an OS the app actually needs, and defers everything else to the host. The only caveat about MirageOS seems to be that your applications need to be written in OCaml, which is a neat language and all, but certainly not mainstream…

Also with a bit living inside Docker.<p><a href="https:&#x2F;&#x2F;mirage.io&#x2F;blog&#x2F;2022-04-06.vpnkit" rel="nofollow noreferrer">https:&#x2F;&#x2F;mirage.io&#x2F;blog&#x2F;2022-04-06.vpnkit</a>

Another one is HalVM [0], for Haskell. Unfortunately it&#x27;s not maintained anymore.<p>[0] <a href="https:&#x2F;&#x2F;github.com&#x2F;GaloisInc&#x2F;HaLVM">https:&#x2F;&#x2F;github.com&#x2F;GaloisInc&#x2F;HaLVM</a>

You can also have a few examples about unikernels here: <a href="https:&#x2F;&#x2F;builds.robur.coop&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;builds.robur.coop&#x2F;</a>.

The FAQ mentions that this can run in QEMU. Are there cloud providers that support hosting a custom ISO? I feel like that would be hard to secure.

Is this (functionally) similar to CloudCaptain, ex-BoxFuse?<p><a href="https:&#x2F;&#x2F;cloudcaptain.sh&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;cloudcaptain.sh&#x2F;</a>

Does anyone know if there might be Arm support coming? This strikes me a a nice fit for some single board computers.

Personal pet-peeve (from Requirements page):<p>&gt; (…) They should build on any modern UNIX (or macOS) system with OCaml and OPAM installed. (…)<p>I just checked. MacOS Sonoma is STILL UNIX certified, and I get that wording “any modern UNIX” would not be clear this minor error annoys me.<p>s&#x2F;or MacOS&#x2F;including MacOS&#x2F;

The rough Rust of this is <a href="https:&#x2F;&#x2F;github.com&#x2F;hermit-os&#x2F;hermit-rs">https:&#x2F;&#x2F;github.com&#x2F;hermit-os&#x2F;hermit-rs</a><p>Though last I looked it wasn&#x27;t nearly as mature as MirageOS.

How is this different than running a docker container based on scratch, containing a single statically linked binary?

Is that similar to Firecracker?