On 30 May 2013 08:46, Stefan Hajnoczi <stefa...@gmail.com> wrote: > No, it's still security critical. If there were equivalent solutions > with better security then I'm sure people would accept them. It's > just that there isn't an equivalent solution yet :). >
Security-wise this is where I would like to be in the long term: 1. Userspace switch running non-root. 2. Shared memory mappings with VMs for exactly the memory that will be used for packet buffers. (They could map it from me...) 3. IOMMU access to exactly the PCI devices under the switch's control. Again my perspective is pretty hardware-centric rather than kernel-centric i.e. I'm thinking more in terms of MMU/IOMMU than Unix system calls and permissions. Short-term agenda is to build something good enough that people will _want_ to spend the energy to make it highly secure (and highly portable, etc). So I run as root and use every trick in the sysfs book.
