Awesome Open Source
Awesome Open Source

RustyHermit - A Rust-based, lightweight unikernel

Slack Status

RustyHermit is a unikernel targeting a scalable and predictable runtime for high-performance and cloud computing. Unikernel means, you bundle your application directly with the kernel library, so that it can run without any installed operating system. This reduces overhead, therefore, interesting applications include virtual machines and high-performance computing.

The kernel is able to run Rust applications, as well as C/C++/Go/Fortran applications.

The repository contains following directories and submodules:

  1. demo is a small demo application based on the data-parallelism library Rayon
  2. hermit-abi contains the platform APIs and builds the interface between library operating system and the application
  3. hermit-sys contains a crate to automate the build process of the library operating systems
  4. libhermit-rs is the kernel itself
  5. netbench provides some basic network benchmarks


RustyHermit is a rewrite of HermitCore in Rust developed at RWTH-Aachen. HermitCore was a research unikernel written in C (libhermit).

The ownership model of Rust guarantees memory/thread-safety and enables us to eliminate many classes of bugs at compile-time. Consequently, the use of Rust for kernel development promises less vulnerabilities in comparison to common programming languages.

The kernel and the integration into the Rust runtime are entirely written in Rust and do not use any C/C++ Code. We extended the Rust toolchain so that the build process is similar to Rust's usual workflow. Rust applications that use the Rust runtime and do not directly use OS services are able to run on RustyHermit without modifications.


Building your own applications

To give you an example on how to build your application with RustyHermit, lets create a new cargo project: A more comprehensive version of the example project is published at rusty-demo.

cargo new hello_world
cd hello_world

To bind the library operating system to the application, add the crate hermit-sys to the dependencies in the file Cargo.toml. It is important to use at least the optimization level 1. Consequently, it is required to extend Cargo.toml with following lines:

# Cargo.toml

[target.'cfg(target_os = "hermit")'.dependencies]
hermit-sys = "0.2.*"

To link the application with RustyHermit, declare hermit_sys an external crate in the main file of your application.

// src/

#[cfg(target_os = "hermit")]
use hermit_sys as _;

fn main() {
        println!("Hello World!");

The final step is building the application as follows:

cargo build -Zbuild-std=std,core,alloc,panic_abort -Zbuild-std-features=compiler-builtins-mem --target x86_64-unknown-hermit

(You can set an easy alias for this in the .cargo/config file. Take a look at the demo)

The resulting "hypervisor-ready" binary then can be found in target/x86_64-unknown-hermit/debug.

Running RustyHermit

RustyHermit binaries can be run on either uhyve or qemu.

Using uhyve as Hypervisor

RustyHermit can run within our own hypervisor uhyve , which requires KVM to create a virtual machine. Please install the hypervisor as follows:

cargo +nightly install uhyve --locked

Afterwards, your are able to start RustyHermit applications within our hypervisor:

uhyve target/x86_64-unknown-hermit/debug/hello_world

More details can be found in the uhyve README.

Using Qemu as Hypervisor

It is also possible to run RustyHermit within Qemu. RustyHermit produces 64-bit binaries, but Qemu's x86 emulation cannot boot them directly. Therefore, the loader rusty-loader is required to boot the application. A prebuilt loader binary can be found at rusty-loader releases.

The unikernel application app can be booted with the following command:

qemu-system-x86_64 -smp 1 \
    -cpu qemu64,apic,fsgsbase,rdtscp,xsave,xsaveopt,fxsr \
    -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
    -display none -m 64M -serial stdio -enable-kvm \
    -kernel path_to_loader/rusty-loader-x86_64 \
    -initrd path_to_app/app

It is important to enable the processor features fsgsbase and rdtscp because it is a prerequisite to boot RustyHermit.

You can provide arguments to the application via the kernel commandline, which you can set with qemu's -append option. Since both the kernel and the application can have parameters, they are separated with --:

qemu-system-x86_64 ... -append "kernel-arguments -- application-arguments"

Using Qemu as microVM

Qemu provides microvm virtual platform, which is a minimalist machine type without PCI nor ACPI support. In comparison to a common hypervisor, it has a clearly smaller memory footprint and a faster boot time. To use this VM type, all default features of RustyHermit has to be disabled (especially PCI and ACPI support). For instance, the following command builds the smallest version of the hello_world example:

cargo build -Zbuild-std=core,alloc,std,panic_abort -Zbuild-std-features=compiler-builtins-mem --target x86_64-unknown-hermit --no-default-features -p hello_world --release

Afterwards, this minimal example can be loaded with the same boot loader like the common Qemu machine type:

qemu-system-x86_64 \
    -M microvm,x-option-roms=off,pit=off,pic=off,rtc=on,auto-kernel-cmdline=off \
    -nodefaults -no-user-config -display none -smp 1 -m 512M -serial stdio \
    -kernel path_to_loader/rusty-loader \
    -initrd path_to_hello_world/hello_world \
    -cpu qemu64,apic,fsgsbase,rdtscp,xsave,xsaveopt,fxsr \
    -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
    -append "-freq 2800"

Depending on the virtualized processor, the processor frequency has to pass as kernel argument (-freq) to the kernel. MHz is used as unit of frequency here.

Kernel features like TCP/IP support can be reenabled manually. For instance, the following command creates a minimal web-server for Qemu's microvm platform:

cargo build -Zbuild-std=core,alloc,std,panic_abort -Zbuild-std-features=compiler-builtins-mem --target x86_64-unknown-hermit --no-default-features --features tcp -p httpd --release

Advanced Features

You are not happy with Hello World yet?

Controlling kernel message verbosity

RustyHermit uses the lightweight logging crate log to print kernel messages. If the environment variable HERMIT_LOG_LEVEL_FILTER is set at compile time to a string matching the name of a LevelFilter, then that value is used for the LevelFilter. If the environment variable is not set, or the name doesn't match, then LevelFilter::Info is used by default, which is the same as it was before.

For instance, the following command builds RustyHermit with debug messages:

HERMIT_LOG_LEVEL_FILTER=Debug cargo build -Zbuild-std=core,alloc,std,panic_abort -Zbuild-std-features=compiler-builtins-mem --target x86_64-unknown-hermit 

Network support

To enable an ethernet device, we have to setup a tap device on the host system. For instance, the following command establish the tap device tap10 on Linux:

sudo ip tuntap add tap10 mode tap
sudo ip addr add broadcast dev tap10
sudo ip link set dev tap10 up
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/conf/tap10/proxy_arp'

Add the feature tcp in the Cargo.toml. This includes the network stack smoltcp and offers TCP/UDP communication. hermi-sys dependency has to be factored out of [target.'cfg(target_os = "hermit")'.dependencies] because it requires features selection for network support to work thus this snippet should be added to Cargo.toml

# Cargo.toml

[target.'cfg(target_os = "hermit")'.dependencies.hermit-sys]
version = "0.2.*"
default-features = false
features = ["tcp", "pci"]

Per default, RustyHermit's network interface uses as IP address, for the gateway and as network mask. The default configuration could be overloaded at compile time by the environment variables HERMIT_IP, HERMIT_GATEWAY and HERMIT_MASK. For instance, the following command sets the IP address to

HERMIT_IP="" cargo build -Zbuild-std=core,alloc,std,panic_abort -Zbuild-std-features=compiler-builtins-mem --target x86_64-unknown-hermit 

Currently, RustyHermit does only support network interfaces through virtio. To use it, you have to start RustyHermit in Qemu with following command:

$ qemu-system-x86_64 -cpu qemu64,apic,fsgsbase,rdtscp,xsave,xsaveopt,fxsr \
        -enable-kvm -display none -smp 1 -m 1G -serial stdio \
        -device isa-debug-exit,iobase=0xf4,iosize=0x04 \
        -kernel path_to_loader/rusty-loader \
        -initrd path_to_app/app \
        -netdev tap,id=net0,ifname=tap10,script=no,downscript=no,vhost=on \
        -device virtio-net-pci,netdev=net0,disable-legacy=on

You can now access the files in SHARED_DIRECTORY under the virtiofs tag like /myfs/testfile.

Use RustyHermit for C/C++, Go, and Fortran applications

If you are interested to build C/C++, Go, and Fortran applications on top of a Rust-based library operating system, please take a look at

Missing features

  • Multikernel support (might be coming)
  • Virtio support (partly available)
  • Network support (partly available)


Please use the Wiki to get further information and configuration options.


RustyHermit is derived from following tutorials and software distributions:

  1. Philipp Oppermann's excellent series of blog posts.
  2. Erik Kidd's toyos-rs, which is an extension of Philipp Opermann's kernel.
  3. The Rust-based teaching operating system eduOS-rs.

HermitCore's Emoji is provided for free by EmojiOne.


Licensed under either of

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

RustyHermit is being developed on GitHub. Create your own fork, send us a pull request, and chat with us on Slack


The following scientific publications are related to RustyHermit:


The development of this project was partially funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No 957246 - IoT-NGIN.

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Rust (61,591
Rust Lang (61,591
Cloud Computing (29,159
Kernel (21,786
Operating System (15,431
Qemu (2,924
Hypervisor (760
High Performance Computing (337