Re: NetBSD's veriexec port

[Stathis Kamperis <ekamperi@xxxxxxxxx>]

2009/10/13 Francois Tigeot <ftigeot@wolfpond.org>:
> On Tue, Oct 13, 2009 at 11:13:54PM +0300, Stathis Kamperis wrote:
>> 2009/10/13 Matthew Dillon <dillon@apollo.backplane.com>:
>> >    I'm only luke-warm on the concept.  I would much rather see improvements
>> >    in the virtual kernel technology w/ regards to ease of use, features,
>> >    and performance.
>>
>> I thought that the vkernel technology was mostly for development. Has
>> this changed or I got it wrong from the beginning ?
>>
>> Do we aim at a "real" virtualisation solution to be used for
>> production purposes ?
>
> Well, I didn't know it wasn't ready for production -- it is used everyday by my
> company to run a java-based pdf generation tool.

A few months ago I suggested at #dragonflybsd in EFNET to bring in
some kind of VM manager for vkernel instances, similar to -say- xend
for xen domains. And I've been told that vkernels are mostly used as
testing containers for dragonfly developers. Anyway, I'm glad that you
are using it succesfully for your production needs!

Regarding the fragmentation of the security space that Matt brought
up, I would call it compertmentalisation. For me, it is better to have
many layers of security that all need to be compromised than a single
central point of failure. I'm not a security expert (hey, I don't even
have a CS degree), so my opinion has ground-level importance.

In conclusion, since there is low interest for such a feature, I
withdraw my proposal and I'm looking into new adventures! Thank you
all for taking time to comment.


Best regards,
Stathis