Dune provides ordinary user programs with safe and efficient access to privileged CPU features that are traditionally only available to kernels. It does so by leveraging modern virtualization hardware, enabling direct execution of privileged instructions in an unprivileged context. We have implemented Dune for Linux, using Intel's VT-x virtualization architecture to expose access to exceptions, virtual memory, privilege modes, and segmentation. By making these hardware mechanisms available at user-level, Dune creates opportunities to deploy novel systems without specialized kernel modifications.
git clone https://github.com/project-dune/dune.gitFor instructions on how to compile and install Dune please see the README file included in the top-level directory of the source tree.
We require Intel x86 CPUs with support for VT-x and EPT. Typically this includes Nehalem and later. We also require recent Linux kernels operating in 64-bit mode. Both of these requirements can be verified by running the script we provide in the root of our source tree called dune_req.sh.
No. Normal apps can run as usual. Only apps that use Dune will be affected. Dune apps and regular apps can run together on the same machine.
No. Dune is designed to only expose privileged CPU features in a safe fashion. The Dune kernel module ensures that processes can only access the same memory that would normally be available to them under Linux. Moreover, processes can not use Dune to access peripherals or other DMA-capable devices. See our paper for details.