Yes,
thanks, I have installed Mirage Firewall.
Some more info that might interest people here. I got some answers from a developer of stage1-xen rkt:
https://github.com/rkt/stage1-xen/issues/1#issuecomment-356764768
Also in December Xen launched a new initiative for unikernals, called unikraft. This is an initiative to make a standard for unikernels that makes development and deployment of them easier:
https://www.xenproject.org/developers/teams/unikraft.html
Im looking forward to a time where most things in Qubes will be running in unikernels rather than in full Linux.
Imagine having a unikernel that does all sanitation and validation of data that gets sent cross domain, well documented, tested written in Rust for performance and safety, with a whitelist approach, rather than all of those python, bash and C scripts doing their own sanitation and validation.
It would be much more sane in terms of security, much easier to audit, ...
What about wayland in a unikernel, the graphics drivers, ...?