You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/showcase/rusty-hermit/index.md
+8-6Lines changed: 8 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -14,14 +14,14 @@ authors = ["stlankes"]
14
14
15
15
## Virtualization Designs
16
16
17
-
Common virtualized environment based on classical **_virtual machines_**. In this case, complete machines are emulated or virtualized and common operating systems are running on both host and guest site:
17
+
Common virtualized environments are based on classical **_virtual machines_**. In this case, complete machines are emulated or virtualized and common operating systems are running on both host and guest site:
18
18
19
19
20
20
21
21
This technique is established (VMware, Hyper-V, etc.) and widely used. However, it introduces additional overhead especially regarding memory consumption and performance.
22
22
23
-
An alternative approach to common virtual machines is **OS-level
24
-
virtualization**, where the kernel allows the existence of multiple
23
+
An alternative approach to common virtual machines is **_OS-level
24
+
virtualization_**, where the kernel allows the existence of multiple
25
25
isolated user space instances. These isolated instances are also known
26
26
as container. A typical representative is LXC or Docker and promise less
27
27
overhead in comparison to common virtual machines. However, the
@@ -81,10 +81,12 @@ techniques to improve the security behavior like stack guards and
81
81
separating the application stack from the libOS stack. However, a
82
82
library operating system typically uses a common function call to enter
83
83
the kernel. A classical separation of user- and kernel space by
84
-
entering a higher privilege level is missing. We presented in a
84
+
entering a higher privilege level is missing.
85
+
86
+
We presented in a
85
87
[paper](https://www.ssrg.ece.vt.edu/papers/vee20-mpk.pdf) a modified
86
88
version of RustyHermit, which provides an intra-unikernel isolation with
87
-
_Intel Memory Protection Keys_ (MPK). MPK is a relatively new hard-ware
89
+
_Intel Memory Protection Keys_ (MPK). MPK is a relatively new hardware
88
90
primitive that provides per-thread permission control over groups of
89
91
pages in a single address space with [negligible switching overhead](https://www.usenix.org/conference/atc19/presentation/park-soyeon),
90
92
making it a compelling candidate for use in unikernels.
@@ -144,7 +146,7 @@ hermit-sys = "0.1.*"
144
146
features = ["smoltcp"]
145
147
```
146
148
147
-
The feature `smoltcp` is required, if your application tries
149
+
The feature `smoltcp` is required if your application tries
148
150
to establish a TCP connection. In this case, the library operating systems
149
151
includes the TCP/stack [smoltcp](https://github.com/smoltcp-rs/smoltcp).
150
152
In addition _hermit-sys_ depends on the tool [cargo-download](https://crates.io/crates/cargo-download) to download required components and must be installed with the command `cargo install cargo-download`.
0 commit comments