On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé <brunola...@msn.com> wrote:
> Using jails, customers are uncomfortable with the fact documents can be 
> accessed from the host with root access.Project VPS seems to isolate more the 
> guest from the host but not as well as an hypervisor like bhyve. With an 
> hypervisor what the client have is private, as long as the host can manage 
> the disk, delete it,  but the information is kept private from the host.
> Any suggestions how to offer jail, vps, or anything containers techniques 
> with total file system isolation from the host, or the only way is to go 
> hypervisor, with the performance and instances count penalty that goes with 
> it?

Untrusted hypervisors is an active area of academic research.
However, any such scheme requires additional hardware support.

If you are interested I can give you some papers to look at.

Eitan Adler
freebsd-virtualization@freebsd.org mailing list
To unsubscribe, send any mail to 

Reply via email to