
Today, I searched for IncludeOS and I found that it defines itself as a minimal unikernel.

I am wondering what a unikernel is. The Wikipedia explanations are not clear enough to me.

Is a unikernel an operating system incorporating a single application for a special purpose, similar to embedded systems?

ar2015

2 Answers

A Unikernel is a special type of Library OS. A library OS offers all of its functionality as libraries, typically linked into the application at compile time.

The distinction is not really clear, but originally when Anil Madhavapeddy coined the term Unikernel he meant a single-threaded application, with everything running in a single address space, using a library operating system created in a high-level, type-safe language, running on a hypervisor.

It should be noted that the IncludeOS project doesn't strictly adhere to the definition. It is written in C++, which isn't type-safe, it supports multiple CPU cores and threads, and it boots on bare-metal hardware.

I've heard Anil characterize IncludeOS as a Unikernel so I guess he isn't too strict about it.

The motivations for writing your application as a Unikernel vary, but mostly they are footprint (unikernels are tiny), performance (function calls are faster than system calls) and security.

The gains in security come from the nature of Unikernels. Unikernels are built as immutable. So if you are building a virtual firewall appliance with a Unikernel, the firewall rules should be code and the firewall hardcoded to execute exactly that ruleset. This is as opposed to a traditional monolithic kernel, where all the configuration is dynamic.

Unikernels aren't meant to be reconfigured. They are meant to be replaced. So they don't have the features to support reconfiguration which makes them hard to exploit.

perbu
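To make the "firewall rules should be code" point concrete, here is an added example (not code from the answer above or from IncludeOS) of a tiny IPv4 packet filter whose ruleset is a `constexpr` table compiled into the image. The `Rule`, `Packet`, `ipv4()` and `filter()` names are my own; the point is that there is no API to add, remove or reload rules at run time, and that the policy can even be checked by `static_assert` when the image is built. Changing the policy means building and deploying a new image, which is exactly the "replace, don't reconfigure" model described above.

```cpp
// Added example: a firewall ruleset baked into the binary as constant data.
// Names (Rule, Packet, ipv4, filter, kRules) are illustrative, not IncludeOS APIs.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class Action { Allow, Drop };
enum class Proto : uint8_t { Tcp = 6, Udp = 17 };

struct Rule {
    Proto    proto;
    uint32_t src_net;    // network address, host byte order
    uint32_t src_mask;   // netmask, host byte order
    uint16_t dst_port;   // 0 means "any port"
    Action   action;
};

struct Packet {
    Proto    proto;
    uint32_t src_ip;     // host byte order
    uint16_t dst_port;
};

// Build a host-order IPv4 address from its octets at compile time.
constexpr uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    return (uint32_t(a) << 24) | (uint32_t(b) << 16) | (uint32_t(c) << 8) | uint32_t(d);
}

// The whole policy: constant data in the image. There is deliberately no
// add_rule()/reload() path, so the ruleset cannot be altered at run time.
constexpr std::array<Rule, 3> kRules{{
    {Proto::Tcp, ipv4(10, 0, 0, 0), 0xFF000000u, 443, Action::Allow}, // HTTPS from 10/8
    {Proto::Udp, ipv4(10, 0, 0, 0), 0xFF000000u, 53,  Action::Allow}, // DNS from 10/8
    {Proto::Tcp, ipv4(0, 0, 0, 0),  0x00000000u, 22,  Action::Drop},  // SSH from anywhere
}};

constexpr Action kDefaultAction = Action::Drop;  // default-deny

constexpr bool matches(const Rule& r, const Packet& p) {
    return r.proto == p.proto
        && (p.src_ip & r.src_mask) == (r.src_net & r.src_mask)
        && (r.dst_port == 0 || r.dst_port == p.dst_port);
}

// First-match evaluation over the fixed table; constexpr so the policy itself
// can be verified while the image is being compiled.
constexpr Action filter(const Packet& p) {
    for (std::size_t i = 0; i < kRules.size(); ++i) {
        if (matches(kRules[i], p)) return kRules[i].action;
    }
    return kDefaultAction;
}

constexpr std::size_t rule_count() { return kRules.size(); }

// Policy invariants checked at build time: an image whose ruleset violates
// them does not compile, let alone boot.
static_assert(filter({Proto::Tcp, ipv4(10, 1, 2, 3), 443}) == Action::Allow,
              "HTTPS from the internal network must be allowed");
static_assert(filter({Proto::Tcp, ipv4(10, 1, 2, 3), 22}) == Action::Drop,
              "SSH must never be reachable");
static_assert(filter({Proto::Tcp, ipv4(192, 168, 1, 1), 443}) == Action::Drop,
              "traffic from outside 10/8 falls through to default-deny");

int main() {
    // Constructed sample packets, not captured traffic.
    const Packet samples[] = {
        {Proto::Tcp, ipv4(10, 1, 2, 3), 443},
        {Proto::Udp, ipv4(10, 200, 0, 7), 53},
        {Proto::Tcp, ipv4(203, 0, 113, 9), 22},
        {Proto::Udp, ipv4(10, 1, 2, 3), 161},
    };
    for (const Packet& p : samples) {
        std::printf("proto=%u src=%08x dport=%u -> %s\n",
                    unsigned(p.proto), p.src_ip, p.dst_port,
                    filter(p) == Action::Allow ? "ALLOW" : "DROP");
    }
    return 0;
}
```

Build with `-std=c++17` (or `-std=c++14`). The contrast with a general-purpose firewall is the absence of any mutable state: no netlink socket, no config file parser, no privileged command to change the table, so an attacker who compromises the appliance finds nothing to reconfigure.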

"Embedded" does not specify the software architecture, it merely implies software and hardware are packaged together and inseparable from the user's point of view.

In most modern computer systems you would have a processor that allows the first program that runs on it (the OS) to take control over it and then, using that acquired hardware control, allow other programs to run with limited possibilities. It is like a janitor entering a building, grabbing the keys of all the rooms and taking a seat at the facilities control panel. Then he waits for tenants or guests to come in and allows them limited access. He himself has no specific purpose other than managing the building. He just sits there monitoring, handing out and taking back keys and eating donuts.

With a unikernel there is just one program with a dedicated purpose. It is not a general purpose system that allows programs to run, it is a one purpose program that does not allow any other program to run on it. Basically, it is an application without an operating system. The application itself controls the machine, having all the power and access it needs.

It is like one person entering an empty hotel, locking the door behind him, starting the facilities he needs, grabbing the keys to the rooms he wants to access and doing his thing.

In software, the unikernel program will be relatively small compared to a general-purpose OS plus a single application, because it will only contain those services the application will actually use. And that could be beneficial in an embedded context.

Martin Maat