By Martin Lucina

MirageOS 3.6.0 release

We are pleased to announce the release of MirageOS 3.6.0. This release updates MirageOS to support Solo5 0.6.0 and later.

New features:

Support for the Solo5 spt (sandboxed process tender) target via mirage configure -t spt. The spt target runs MirageOS unikernels in a minimal strict seccomp sandbox on Linux x86_64, aarch64 and ppc64le hosts.

Support for the Solo5 application manifest, enabling support for multiple network and block storage devices on the hvt, spt and muen targets. The genode and virtio targets are still limited to using a single network or block storage device.

Several notable security enhancements to Solo5 targets, such as enabling stack smashing protection throughout the toolchain by default and improved page protections on some targets. For details, please refer to the Solo5 0.6.0 release notes.

Additional user-visible changes:

Solo5 0.6.0 has removed the compile-time specialization of the solo5-hvt tender. As a result, a solo5-hvt binary is no longer built at mirage build time. Use the solo5-hvt binary installed in your $PATH by OPAM to run the unikernel.

mirage build now produces silent ocamlbuild output by default. To get the old behaviour, run with --verbose or set the log level to info or debug.

New functions Mirage_key.is_solo5 and Mirage_key.is_xen, analogous to Mirage_key.is_unix.

Thanks to Hannes Mehnert for help with the release engineering for MirageOS 3.6.0.