Martin wrote:
On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote:
Something is soliciting my curiosity though:

 - privacy for guests, which will hide things from xid 1

I am not sure I am fond of that "privacy" thing.
That's why it's configurable ;-)
Isn't supposed to be able to see everything in the system?
Well, not if you want to protect the guests from the host.

At the risk of sounding ungrateful for all of the hard work done on
vserver - what is the 'use case' for this feature?  As I understand it
there is nothing to keep the host from playing with /dev/kmem or
otherwise tampering with the kernel, so I can't see how a feature like
this will provide any strong guarantees; unless hierarchies of contexts
(which would be extremely cool) are planned.  Or is it just intended as
a 'speed bump' / politeness feature?

Of course the host admin can still do whatever she wants, but if you're in the business of selling truly private guests, i.e. guests without VXF_STATE_ADMIN (meaning they cannot be administered from the host), a kernel with privacy enabled, each guest living on an encrypted device only the guest has access to etc., doing so would probably not be appreciated by the clientele.

Daniel Hokka Zakrisson
Vserver mailing list
