From owner-freebsd-virtualization@FreeBSD.ORG Mon Nov 18 11:06:59 2013
Date: Mon, 18 Nov 2013 11:06:59 GMT
Message-Id: <201311181106.rAIB6xxG009261@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-virtualization@FreeBSD.org
Subject: Current problem reports assigned to freebsd-virtualization@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.          Description
--------------------------------------------------------------------------------
o kern/165252  virtualization [vimage] [pf] [panic] kernel panics with VIMAGE and PF
o kern/161094  virtualization [vimage] [pf] [panic] kernel panic with pf + VIMAGE wh
o kern/160541  virtualization [vimage][pf][patch] panic: userret: Returning on td 0x
o kern/160496  virtualization [vimage] [pf] [patch] kernel panic with pf + VIMAGE
o kern/148155  virtualization [vimage] [pf] Kernel panic with PF + VIMAGE kernel opt
a kern/147950  virtualization [vimage] [carp] VIMAGE + CARP = kernel crash
s kern/143808  virtualization [pf] pf does not work inside jail

7 problems total.

From owner-freebsd-virtualization@FreeBSD.ORG Wed Nov 20 17:56:51 2013
From: Bruno Lauzé
To: "freebsd-virtualization@freebsd.org"
Subject: VPS / Jail / Bhyve File System isolation
Date: Wed, 20 Nov 2013 12:55:45 -0500

Using jails, customers are uncomfortable with the fact documents can be
accessed from the host with root access. Project VPS seems to isolate more
the guest from the host but not as well as a hypervisor like bhyve. With a
hypervisor what the client has is private, as long as the host can manage
the disk, delete it, but the information is kept private from the host.

Any suggestions how to offer jail, vps, or anything containers techniques
with total file system isolation from the host, or the only way is to go
hypervisor, with the performance and instances count penalty that goes
with it?

From owner-freebsd-virtualization@FreeBSD.ORG Wed Nov 20 18:03:54 2013
Message-ID: <528CF986.2000003@quip.cz>
Date: Wed, 20 Nov 2013 19:03:50 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Bruno Lauzé
Subject: Re: VPS / Jail / Bhyve File System isolation
Cc: "freebsd-virtualization@freebsd.org"

Bruno Lauzé wrote:
>
> Using jails, customers are uncomfortable with the fact documents can be
> accessed from the host with root access. Project VPS seems to isolate more
> the guest from the host but not as well as a hypervisor like bhyve. With a
> hypervisor what the client has is private, as long as the host can manage
> the disk, delete it, but the information is kept private from the host.
> Any suggestions how to offer jail, vps, or anything containers techniques
> with total file system isolation from the host, or the only way is to go
> hypervisor, with the performance and instances count penalty that goes
> with it?

There is the same problem with all hypervisors. Nothing prevents
hypervisor admin to do a snapshot image and mount it as another disk to
other OS and access the data.
So nothing is private at this virtualisation level.
(without encrypted disks)

Miroslav Lachman

From owner-freebsd-virtualization@FreeBSD.ORG Wed Nov 20 19:18:01 2013
Message-ID: <528D0ADC.1010600@freebsd.org>
Date: Wed, 20 Nov 2013 11:17:48 -0800
From: Julian Elischer
To: freebsd-virtualization@freebsd.org
Subject: Re: VPS / Jail / Bhyve File System isolation
In-Reply-To: <528CF986.2000003@quip.cz>

On 11/20/13, 10:03 AM, Miroslav Lachman wrote:
> Bruno Lauzé wrote:
>>
>> Using jails, customers are uncomfortable with the fact documents
>> can be accessed from the host with root access. Project VPS seems to
>> isolate more the guest from the host but not as well as a
>> hypervisor like bhyve. With a hypervisor what the client has is
>> private, as long as the host can manage the disk, delete it, but
>> the information is kept private from the host.
>> Any suggestions how to offer jail, vps, or anything containers
>> techniques with total file system isolation from the host, or the
>> only way is to go hypervisor, with the performance and instances
>> count penalty that goes with it?
>
> There is the same problem with all hypervisors. Nothing prevents
> hypervisor admin to do a snapshot image and mount it as another disk
> to other OS and access the data.
> So nothing is private at this virtualisation level. (without
> encrypted disks)

and even then that is not true because root of the host system can
recover the disk contents if he knows where to get the key from.
(terminal snooping etc.)

> Miroslav Lachman

From owner-freebsd-virtualization@FreeBSD.ORG Wed Nov 20 21:45:36 2013
Date: Wed, 20 Nov 2013 16:45:36 -0500
Subject: strange error from bhyve
From: Aryeh Friedman
To: "freebsd-virtualization@freebsd.org"

When I run the following script bhyveload exits normally but when bhyve
runs I get:

Error return from kevent change: Operation not supported by device

The script:

#!/bin/sh

ifconfig tap6000 destroy
ifconfig tap6000 create
ifconfig tap6000 up
sleep 5
ifconfig bridge0 addm tap6000 up
/usr/sbin/bhyvectl --vm=7598731650023639040instanceID0 --destroy
/usr/sbin/bhyveload -m 1024 -d /vms/dfsdfsf 7598731650023639040instanceID0
/usr/sbin/bhyve -c 0 -m 1024 -AI -H -P -g 0 -s 0:0,hostbridge -s 1:0,virtio-net,tap6000 -s 2:0,virtio-blk,/vms/dfsdfsf -S 31,uart,stdio 7598731650023639040instanceID0&

From owner-freebsd-virtualization@FreeBSD.ORG Wed Nov 20 22:15:56 2013
Message-ID: <528D3492.1090807@freebsd.org>
Date: Wed, 20 Nov 2013 14:15:46 -0800
From: Peter Grehan
To: Aryeh Friedman
Subject: Re: strange error from bhyve
Cc: freebsd-virtualization@freebsd.org

Hi Aryeh,

> When I run the following script bhyveload exits normally but when bhyve
> runs I get:
>
> Error return from kevent change: Operation not supported by device

  Hmmm, I've not seen that before. Are you able to do a build of bhyve
and run it in gdb?

> The script:
>
> #!/bin/sh
>
> ifconfig tap6000 destroy
> ifconfig tap6000 create
> ifconfig tap6000 up
> sleep 5
> ifconfig bridge0 addm tap6000 up
> /usr/sbin/bhyvectl --vm=7598731650023639040instanceID0 --destroy
> /usr/sbin/bhyveload -m 1024 -d /vms/dfsdfsf 7598731650023639040instanceID0
> /usr/sbin/bhyve -c 0 -m 1024 -AI -H -P -g 0 -s 0:0,hostbridge -s
> 1:0,virtio-net,tap6000 -s 2:0,virtio-blk,/vms/dfsdfsf -S 31,uart,stdio
> 7598731650023639040instanceID0&

  If you want this to run in the background, you may want to take the
stdio parameter off the uart device.

later,

Peter.

From owner-freebsd-virtualization@FreeBSD.ORG Thu Nov 21 02:48:37 2013
From: Eitan Adler
Date: Wed, 20 Nov 2013 21:48:06 -0500
Subject: Re: VPS / Jail / Bhyve File System isolation
To: Bruno Lauzé
Cc: "freebsd-virtualization@freebsd.org"

On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé wrote:
>
> Using jails, customers are uncomfortable with the fact documents can be
> accessed from the host with root access. Project VPS seems to isolate more
> the guest from the host but not as well as a hypervisor like bhyve. With a
> hypervisor what the client has is private, as long as the host can manage
> the disk, delete it, but the information is kept private from the host.
> Any suggestions how to offer jail, vps, or anything containers techniques
> with total file system isolation from the host, or the only way is to go
> hypervisor, with the performance and instances count penalty that goes
> with it?

Untrusted hypervisors is an active area of academic research.
However, any such scheme requires additional hardware support.

If you are interested I can give you some papers to look at.

--
Eitan Adler

From owner-freebsd-virtualization@FreeBSD.ORG Thu Nov 21 14:12:41 2013
Date: Thu, 21 Nov 2013 12:12:40 -0200
Subject: Re: VPS / Jail / Bhyve File System isolation
From: Alexandre Biancalana
To: Eitan Adler
Cc: "freebsd-virtualization@freebsd.org"

On Thu, Nov 21, 2013 at 12:48 AM, Eitan Adler wrote:

> On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé wrote:
> >
> > Using jails, customers are uncomfortable with the fact documents can be
> > accessed from the host with root access. Project VPS seems to isolate more
> > the guest from the host but not as well as a hypervisor like bhyve. With
> > a hypervisor what the client has is private, as long as the host can
> > manage the disk, delete it, but the information is kept private from the
> > host.
> > Any suggestions how to offer jail, vps, or anything containers
> > techniques with total file system isolation from the host, or the only way
> > is to go hypervisor, with the performance and instances count penalty that
> > goes with it?
>
> Untrusted hypervisors is an active area of academic research.
> However, any such scheme requires additional hardware support.
>
> If you are interested I can give you some papers to look at.

I'm interested, can you provide the links of the papers?

From owner-freebsd-virtualization@FreeBSD.ORG Thu Nov 21 19:42:26 2013
From: Eitan Adler
Date: Thu, 21 Nov 2013 14:41:55 -0500
Subject: Re: VPS / Jail / Bhyve File System isolation
Cc: "freebsd-virtualization@freebsd.org"

On Thu, Nov 21, 2013 at 9:12 AM, Alexandre Biancalana wrote:
>
> On Thu, Nov 21, 2013 at 12:48 AM, Eitan Adler wrote:
>>
>> On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé wrote:
>> >
>> > Using jails, customers are uncomfortable with the fact documents can be
>> > accessed from the host with root access. Project VPS seems to isolate more
>> > the guest from the host but not as well as a hypervisor like bhyve. With a
>> > hypervisor what the client has is private, as long as the host can manage
>> > the disk, delete it, but the information is kept private from the host.
>> > Any suggestions how to offer jail, vps, or anything containers
>> > techniques with total file system isolation from the host, or the only way
>> > is to go hypervisor, with the performance and instances count penalty that
>> > goes with it?
>>
>> Untrusted hypervisors is an active area of academic research.
>> However, any such scheme requires additional hardware support.
>>
>> If you are interested I can give you some papers to look at.
>
>
> I'm interested, can you provide the links of the papers?

I've replied in private mail.

--
Eitan Adler

From owner-freebsd-virtualization@FreeBSD.ORG Thu Nov 21 23:16:36 2013
In-Reply-To: <528CF986.2000003@quip.cz>
Date: Thu, 21 Nov 2013 18:16:35 -0500
Subject: Re: VPS / Jail / Bhyve File System isolation
From: Aryeh Friedman
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: "freebsd-virtualization@freebsd.org"

On Wed, Nov 20, 2013 at 1:03 PM, Miroslav Lachman <000.fbsd@quip.cz> wrote:

> Bruno Lauzé wrote:
>
>>
>> Using jails, customers are uncomfortable with the fact documents can be
>> accessed from the host with root access. Project VPS seems to isolate more
>> the guest from the host but not as well as a hypervisor like bhyve. With
>> a hypervisor what the client has is private, as long as the host can
>> manage the disk, delete it, but the information is kept private from the
>> host.
>> Any suggestions how to offer jail, vps, or anything containers techniques
>> with total file system isolation from the host, or the only way is to go
>> hypervisor, with the performance and instances count penalty that goes with
>> it?
>>
>
> There is the same problem with all hypervisors. Nothing prevents
> hypervisor admin to do a snapshot image and mount it as another disk to
> other OS and access the data.
> So nothing is private at this virtualisation level. (without encrypted
> disks)

To make matters worse many hypervisors (including bhyve) use raw image
files (in bhyve's case md(4) mountable ones)
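
Added example, not part of any message in this thread and not bhyve's own code: a Python check that reports whether a guest disk image is recognisable to anyone who can read the file on the host, the exposure the thread describes for raw image files and snapshots. It assumes 512-byte sectors and that the guest ran geli(8) on the whole virtual disk, so the GELI metadata sits in the image's last sector; the function names and the sample images are constructed for illustration.

```python
import collections
import hashlib
import math
import os
import struct

SECTOR = 512                       # assumption: 512-byte virtual disk sectors
GELI_MAGIC = b"GEOM::ELI"          # start of the GELI metadata sector
# (byte offset of fs_magic in the image, little-endian value, label)
UFS_MAGICS = [
    (8192 + 1372, 0x00011954, "ufs1"),
    (65536 + 1372, 0x19540119, "ufs2"),
]
HEAD_LEN = 65536 + 1372 + 4        # enough to cover the UFS2 magic


def shannon_entropy(data):
    """Bits per byte: close to 8.0 for ciphertext, low for sparse plaintext."""
    if not data:
        return 0.0
    total = len(data)
    counts = collections.Counter(data)
    return sum(c / total * math.log2(total / c) for c in counts.values())


def classify_image(path):
    """Report what someone with read access to the image file can recognise."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(HEAD_LEN)
        f.seek(max(size - SECTOR, 0))
        tail = f.read(SECTOR)

    findings = []
    if head[510:512] == b"\x55\xaa":
        findings.append("boot-signature")
    if head[512:520] == b"EFI PART":
        findings.append("gpt")
    for offset, magic, label in UFS_MAGICS:
        if len(head) >= offset + 4 and struct.unpack_from("<I", head, offset)[0] == magic:
            findings.append(label)

    entropy = shannon_entropy(head[:65536])
    if tail.startswith(GELI_MAGIC):
        verdict = "geli-encrypted"     # opaque at rest without the key
    elif findings:
        verdict = "host-readable"      # mountable by whoever holds the file
    elif entropy > 7.5:
        verdict = "opaque-unknown"     # random-looking, no known metadata
    else:
        verdict = "unrecognised"
    return {"verdict": verdict, "findings": findings, "entropy": round(entropy, 2)}


def make_sample_image(path, encrypted):
    """Write a constructed 128 KiB image: a bare UFS2 magic, or fake ciphertext."""
    size = 128 * 1024
    if encrypted:
        # Deterministic stand-in for ciphertext, not real GELI output.
        body = bytearray(b"".join(
            hashlib.sha256(struct.pack("<I", i)).digest() for i in range(size // 32)))
        body[-SECTOR:] = GELI_MAGIC.ljust(SECTOR, b"\0")
    else:
        body = bytearray(size)
        struct.pack_into("<I", body, 65536 + 1372, 0x19540119)
        body[70000:70017] = b"customer document"
    with open(path, "wb") as f:
        f.write(body)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for name, enc in (("plain.img", False), ("geli.img", True)):
            p = os.path.join(d, name)
            make_sample_image(p, enc)
            print(name, classify_image(p))
```

A geli-encrypted verdict covers the image at rest only; as noted in the thread, root on the host can still recover the contents if the key can be captured.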