Docker and other Linux container technologies have been incredibly beneficial to the open source cloud community in recent years, but these technologies are not without their downsides. In particular, security is still a major concern in this area, and has so far gone mostly unaddressed. Unikernels are a slightly different approach to solving the same problems as Docker: they are specialized virtual machine images that are compiled from a modular stack of application code, system libraries, and configuration. Unikernels include only the software needed to do a specific job, making them very lightweight and efficient. Additionally, unikernels are set up so they can be certified, and they don't have access to any outside libraries, meaning they can be more secure than Linux container technologies.
There are a number of unikernel projects ongoing, including within the Xen Project, and they are part of an increased focus on using nanoservices that are easier to manipulate