On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé <brunola...@msn.com> wrote: > > Using jails, customers are uncomfortable with the fact documents can be > accessed from the host with root access.Project VPS seems to isolate more the > guest from the host but not as well as an hypervisor like bhyve. With an > hypervisor what the client have is private, as long as the host can manage > the disk, delete it, but the information is kept private from the host. > Any suggestions how to offer jail, vps, or anything containers techniques > with total file system isolation from the host, or the only way is to go > hypervisor, with the performance and instances count penalty that goes with > it?
Untrusted hypervisors is an active area of academic research. However, any such scheme requires additional hardware support. If you are interested I can give you some papers to look at. -- Eitan Adler _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"