Orchestration and generation of minimal surface optimized unikernels

What is claimed is: 1 . A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for dynamically configuring and deploying customizable secure wrappers, the operations comprising: identifying a code element; provisioning a first wrapper over an operating system for use in execution of the code element, wherein the first wrapper comprises a software wrapper over the operating system configured to wrap the code element for execution; allowing execution of the code element within the first wrapper; identifying a second wrapper over the operating system for use in execution of the code element, the second wrapper being at least one of: customized for the code element, or selected for the code element; transitioning from the first wrapper to the second wrapper based on a missing ability in the first wrapper; transforming the second wrapper to update its abilities; allowing execution of the code element with the transformed second wrapper; and maintaining the first wrapper and the transformed second wrapper for a set period of time. 2 . The non-transitory computer readable medium of claim 1 , wherein the operations further comprise monitoring execution of the code element. 3 . The non-transitory computer readable medium of claim 2 , wherein the operations further comprise reporting a result of the monitoring to a security application. 4 . The non-transitory computer readable medium of claim 2 , wherein the operations further comprise applying a security policy based on a result of the monitoring. 5 . The non-transitory computer readable medium of claim 1 , wherein the transitioning is performed seamlessly. 6 . The non-transitory computer readable medium of claim 1 , wherein the identification of the second wrapper further comprises developing the second wrapper. 7 . The non-transitory computer readable medium of claim 6 , wherein the development of the second wrapper is performed by beginning with an initial version of the second wrapper and then adding an attribute to the initial version to yield the second wrapper. 8 . The non-transitory computer readable medium of claim 6 , wherein the development of the second wrapper is performed by beginning with an initial version of the second wrapper and then removing an attribute from the initial version to yield the second wrapper. 9 . The non-transitory computer readable medium of claim 6 , wherein the development of the second wrapper is performed by performing a machine learning process to yield the second wrapper. 10 . The non-transitory computer readable medium of claim 6 , wherein the development of the second wrapper is performed by receiving one or more configuration setting selections from a user to yield the second wrapper. 11 . The non-transitory computer readable medium of claim 6 , wherein the development of the second wrapper is performed on a just-in-time basis. 12 . The non-transitory computer readable medium of claim 1 , wherein the identification of the second wrapper further comprises selecting the second wrapper from a repository of previously generated wrappers. 13 . The non-transitory computer readable medium of claim 12 , wherein the selection of the second wrapper is conducted using a machine learning model. 14 . The non-transitory computer readable medium of claim 1 , wherein the first wrapper is a default wrapper. 15 . A computer-implemented method for dynamically configuring and deploying customizable secure wrappers, the method comprising: identifying a code element; provisioning a first wrapper over an operating system for use in execution of the code element, wherein the first wrapper comprises a software wrapper over the operating system configured to wrap the code element for execution; allowing execution of the code element within the first wrapper; identifying a second wrapper over the operating system for use in execution of the code element, the second wrapper being at least one of: customized for the code element, or selected for the code element; transitioning from the first wrapper to the second wrapper based on a missing ability in the first wrapper; transforming the second wrapper to update its abilities; allowing execution of the code element with the transformed second wrapper; and maintaining the first wrapper and the transformed second wrapper for a set period of time. 16 . The computer-implemented method of claim 15 , wherein the transformed second wrapper includes one or more hooks. 17 . The computer-implemented method of claim 16 , wherein the hooks are configured to invoke one or more security policy actions. 18 . The computer-implemented method of claim 15 , wherein the transformed second wrapper is configured with a minimal level of abilities for execution of the code element. 19 . The computer-implemented method of claim 15 , further comprising classifying the code element as untrusted, and conditional on the code element being untrusted, identifying the second wrapper. 20 . The computer-implemented method of claim 15 , further comprising classifying the code element as trusted, and conditional on the code element being trusted, determining not to identify the second wrapper.