Patrick MarchandFeb 24, 2025

I didnt know #Nanovms had ported #OpenBSD pledge / unveil to their #unikernel

That's pretty cool

https://nanovms.com/dev/tutorials/applying-sandbox-security-node-js-unikernels-openbsd-pledge-unveil

Applying Sandbox Security to Node.JS Unikernels with OpenBSD Pledge and Unveil

We recently added support for both OpenBSD's pledge and unveil syscalls. The first one can apply security policies for disallowing certain syscalls while the latter one can apply a restricted filesystem view. In this tutorial we'll show you how you can easily apply a sandbox to your prod workloads effortlessly.

jl4 (~(-_( ~_~)_-)~)Jul 20, 2019

The cloud is bloated

Linux wasn't created
for the cloud

Why Unikernels?

Why unikernels? Why not containers? Why not just plain old linux? Valid questions indeed. What we've learned is that these two options simply are not options anymore - not for the cloud
of 2019. Security is a total nightmare while massive amounts of wasted compute are making Jeff Bezos the richest person in the world.

#unikernels #nanovms vs #blabla #cloud ?

https://ops.city

OPS - Easily Build and Run Unikernels

OPS is a unikernel compilation and orchestration tool. It is the only tool that allows instant building and running of raw linux binaries as unikernels.