Date:      Thu, 21 Nov 2013 14:41:55 -0500
From:      Eitan Adler <lists@eitanadler.com>
Cc:        "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject:   Re: VPS / Jail / Bhyve File System isolation
Message-ID:  <CAF6rxgn7-CTWRDDibe=_1KsCxEumfEKmy2V-kgS4Ls1jLw11=g@mail.gmail.com>
In-Reply-To: <CAGF-nS5Sth20FtS-XGgQf_PkwrKFkCjW0U_SvJEkbxiBg7wX-Q@mail.gmail.com>
References:  <BLU179-W2710DC567151403C38377AC6E60@phx.gbl> <CAF6rxgmkUnyENS=_y-jCjnQdBqgeDX4K2xJh6SSJ=7syss3T=A@mail.gmail.com> <CAGF-nS5Sth20FtS-XGgQf_PkwrKFkCjW0U_SvJEkbxiBg7wX-Q@mail.gmail.com>

On Thu, Nov 21, 2013 at 9:12 AM, Alexandre Biancalana
<biancalana@gmail.com> wrote:
>
> On Thu, Nov 21, 2013 at 12:48 AM, Eitan Adler <lists@eitanadler.com> wrote:
>>
>> On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé <brunolauze@msn.com> wrote:
>> >
>> > Using jails, customers are uncomfortable with the fact documents can be
>> > accessed from the host with root access. Project VPS seems to isolate more
>> > the guest from the host but not as well as a hypervisor like bhyve. With a
>> > hypervisor what the client has is private, as long as the host can manage
>> > the disk, delete it, but the information is kept private from the host.
>> > Any suggestions how to offer jail, vps, or anything containers
>> > techniques with total file system isolation from the host, or the only way
>> > is to go hypervisor, with the performance and instances count penalty that
>> > goes with it?
>>
>> Untrusted hypervisors is an active area of academic research.
>> However, any such scheme requires additional hardware support.
>>
>> If you are interested I can give you some papers to look at.
>
>
> I'm interested, can you provide the links of the papers?

I've replied in private mail.


--
Eitan Adler


