On 11/20/13, 10:03 AM, Miroslav Lachman wrote:
Bruno Lauzé wrote:

Using jails, customers are uncomfortable with the fact that documents can be accessed from the host with root access. Project VPS seems to isolate the guest from the host more, but not as well as a hypervisor like bhyve. With a hypervisor, what the client has is private, as long as the host can manage the disk, delete it, but the information is kept private from the host. Any suggestions on how to offer jail, VPS, or any container technique with total file system isolation from the host, or is the only way to go hypervisor, with the performance and instance count penalty that goes with it?

There is the same problem with all hypervisors. Nothing prevents the hypervisor admin from taking a snapshot image, mounting it as another disk in another OS, and accessing the data. So nothing is private at this virtualisation level. (without encrypted disks)
and even then that is not true because root of the host system can recover the disk contents if he knows where to get the key from. (terminal snooping etc.)

Miroslav Lachman
_______________________________________________
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"


