Online / 5 & 6 February 2022

visit

ToroV, a kernel in user-space, or sort of


This talk presents ToroV, a novel open-source technology that combines virtualization and containerization to enable the execution of users’ applications in a safer and improved manner. In ToroV, applications run as Virtual Machines without the need of an OS, unikernel nor device-model. ToroV combines a minimalist Virtual Machine Monitor and a virtualized guest program communicating through POSIX APIs. When the guest application requires to open or write a file, it just invokes the VMM using hypercalls. The VMM intercepts those hypercalls, processes the request, and returns to the guest. The sysadmin defines the ACL (Access Control List) of authorized hypercall per virtualized guest application. This allows the user to control the host’s surface that is exposed to the guest. In this talk, we propose to present the ToroV architecture together with several ongoing experiments. For example, the minimalist VMM allows us to boot up a VM in KVM in less than 6 ms. Also, we show how we debug guest applications by simply using GDB and the KVM API for debugging. During the talk, we discuss the main differences with unikernels and containers and how ToroV gets the best of both worlds. Also, we present the main differences with gVisor, which is a similar project from Google.

Speakers

Photo of Matias Vara Matias Vara

Links