What does HackerNews think of qubes-mirage-firewall?

Ask HN: Examples of Microkernels? | Oct 2022

Here's one that is "production" ready: the Mirage-Firewall microkernel built using MirageOS and running on Qubes OS.[0] In general MirageOS allows you to:

> ... construct unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms. Code can be developed on a normal OS such as Linux or macOS, and then compiled into a fully-standalone, specialised unikernel that runs under a Xen or KVM hypervisor.[1]

[0] : https://github.com/mirage/qubes-mirage-firewall

[1] : https://mirageos.org/

Qubes OS: A reasonably secure operating system | Mar 2022

Expand Context ↕

sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.

edit: maybe i'm being a bit optimistic for sys-net, which is the vm hosting the driver for the network card: these drivers are included in the linux tree and would need to be extracted and packaged into an unikernel. But for every non-driver vm it "should be easy" to get an unikernel implementation (drivers for paravirtual devices are easy to write).

A unikernel firewall for QubesOS (2016) | Feb 2020

Expand Context ↕

Indeed. The project has since moved under the mirage org on GitHub, and now has several contributors:

https://github.com/mirage/qubes-mirage-firewall