How does the system tolerate vulnerabilities outside the TCB? I thought unikernels often didn't have protections that would shield a TCB from app vulnerabilities.
Hi, no, the statement wasn't to isolate the kernel code from the application, since it's all in the same address space. Instead, it's to reduce the possibility of bugs (but again, not in the application), and reduce the vectors for attack in the underlying stack. For separating the application from the kernel (and from components within the kernel, since Unikraft is modular) we are doing further work called FlexOS, based on Unikraft, and to appear soon at the ASPLOS conference [0]; a short version of the paper appeared at HotOS [1].
What are you trying to protect the kernel for if it only hosts the single application? Are you assuming that local root has some distinguished privilege outside this box?