DragonFly BSD
DragonFly commits List (threaded) for 2005-02
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: cvs commit: src/sys/kern kern_proc.c

From: David Rhodus <sdrhodus@xxxxxxxxx>
Date: Tue, 1 Feb 2005 13:38:16 -0500

On Tue, 1 Feb 2005 10:32:24 -0800 (PST), Matthew Dillon
<dillon@xxxxxxxxxxxxxxxxxxxx> wrote:
> :While Paul's suggestion was obviously in jest, I'd have to say that it's
> :probably *not* a good idea to implement it, regardless of the expense,
> :unless it can be demonstrated that this can somehow reveal privileged
> :information.  This would defeat programs (e.g., sendmail) which attempt
> :to back off when system load gets too high.
> :
> :Dave
>     I think the idea has merit, it just isn't being taken far enough.  What
>     we really want here is a 'virtual machine'.  The current jail subsystem
>     is still sharing the same kernel resources, data space, and code,
>     and thus could still panic the entire system and could still create
>     cross-jail security issues.
>     But when it comes right down to it it should be possible to run pretty
>     much the entire kernel, minus the device drivers, as a user level process.
>     All we really need is some way to manage the VM space for the 'user'
>     processes and route system call requests for those processes to the
>     simulated kernel rather then the real kernel.
>     This would be a worthy goal.  I think also very doable... and a very, very
>     powerful tool.
>                                         -Matt

I think I would rather just use Xen.

                                            Steven David Rhodus

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]