On Wed, Nov 20, 2013 at 1:03 PM, Miroslav Lachman <000.f...@quip.cz> wrote:

> Bruno Lauzé wrote:
>> Using jails, customers are uncomfortable with the fact documents can be
>> accessed from the host with root access.Project VPS seems to isolate more
>> the guest from the host but not as well as an hypervisor like bhyve. With
>> an hypervisor what the client have is private, as long as the host can
>> manage the disk, delete it,  but the information is kept private from the
>> host.
>> Any suggestions how to offer jail, vps, or anything containers techniques
>> with total file system isolation from the host, or the only way is to go
>> hypervisor, with the performance and instances count penalty that goes with
>> it?
> There is the same problem with all hypervisors. Nothing prevents
> hypervisor admin to do a snapshot image and mount it as another disk to
> other OS and access the data.
> So nothing is private at this virtualisation level. (without encrypted
> disks)

To make matters worse many hypervisors (including bhyve) use raw image
files (in bhyve's case md(4) mountable ones)
freebsd-virtualization@freebsd.org mailing list
To unsubscribe, send any mail to 

Reply via email to