We are pleased to announce the release of MirageOS 3.6.0. This release updates MirageOS to support Solo5 0.6.0 and later.
- Support for the Solo5
spt(sandboxed process tender) target via
mirage configure -t spt. The
spttarget runs MirageOS unikernels in a minimal strict seccomp sandbox on Linux
- Support for the Solo5 application manifest, enabling support for multiple network and block storage devices on the
virtiotargets are still limited to using a single network or block storage device.
- Several notable security enhancements to Solo5 targets, such as enabling stack smashing protection throughout the toolchain by default and improved page protections on some targets. For details, please refer to the Solo5 0.6.0 release notes.
Additional user-visible changes:
- Solo5 0.6.0 has removed the compile-time specialization of the
solo5-hvttender. As a result, a
solo5-hvtbinary is no longer built at
mirage buildtime. Use the
solo5-hvtbinary installed in your
$PATHby OPAM to run the unikernel.
mirage buildnow produces silent
ocamlbuildoutput by default. To get the old behaviour, run with
--verboseor set the log level to
- New functions
Mirage_key.is_xen, analogous to
Thanks to @hannes for help with the release engineering for MirageOS 3.6.0.