On Sat, Feb 8, 2014 at 2:57 PM, Aryeh Friedman <aryeh.fried...@gmail.com>wrote:

> On Sat, Feb 8, 2014 at 3:54 PM, Adam Vande More <amvandem...@gmail.com>wrote:
>> On Sat, Feb 8, 2014 at 2:14 PM, Aryeh Friedman 
>> <aryeh.fried...@gmail.com>wrote:
>>> It sounds almost identical to the qcow2 security issue being discussed
>>> on qemu-de...@qemu.org recently.   This might be a *HUGE* win for bhyve
>>> then in considering that it's default format is raw (should ahci-hdd be the
>>> default?).   devel/qemu (not sure about -dev) uses qcow2 as a default and
>>> when playing with it on other OS's I found that it seemed to default to
>>> that also.  It is my understand that most of the open source cloud
>>> platforms use qcow2 as their default also (I remember this from an attempt
>>> to install openstack grizzly last summer... I have not checked havana
>>> though... can any of the freebsd-openstack confirm this?).
>> I don't consider it a huge win because the possibility of using an
>> insecure device precludes it.  Someone high on the tree bhyve needs to
>> confirm or deny this otherwise it is unsafe to recommend bhyve
>> or petitecloud.  No offense intended, I really hope it succeeds and will
>> likely use it if it does.  I cannot use anything which leaves the host
>> open.  I am also unclear on how bhyve bypasses GEOM which *should* prevent
>> any of the symptoms discussed.
> The point was that raw has no issue and this is the default for both bhyve
> and petitecloud (to avoid certain list politics I didn't mention it by name
> before).   Sparse is the issue and thus qemu, openstack and cloudstack (as
> well as likely vbox) are a problem.

Yes but bhyve *supports* other backing devices than raw correct?   Then
this really bad.

I don't want a politics game either, just saying you won't get adoption
until security is clear.  I have no problem with you mentioning
petitecloud.  Indeed I think you should but others may disagree.  In your
opinion are ZVOL's a good option?

freebsd-virtualization@freebsd.org mailing list
To unsubscribe, send any mail to 

Reply via email to