On Mon, 7 Nov 2011, Sasha Levin wrote:
> Yup, but you must somehow communicate with the master process, and this
> is currently missing from the lguest implementation since everything is
> shared (vm + fds).
>
> If you simply unshare it, you must have a different method of talking
> with the master process. I suggested doing it using unix sockets, and am
> wondering how Rusty did it in his patch.

The model I've heard people talk about is using seccomp which can be used
for any IPC that works with file descriptors.
Pekka