Date:      Sat, 8 Feb 2014 14:54:25 -0600
From:      Adam Vande More <amvandemore@gmail.com>
To:        Aryeh Friedman <aryeh.friedman@gmail.com>
Cc:        FreeBSD virtualization <freebsd-virtualization@freebsd.org>
Subject:   Re: Report of my virtual network lab migrated from virtualbox to bhyve
Message-ID:  <CA%2BtpaK09B8HAKLdp2EQRgDfON1%2B-r_Nw6WMJ0ncF1yyW-h-6ig@mail.gmail.com>
In-Reply-To: <CAGBxaXmFhZtJECH5-d_nY=e2ek=1ANFTsLTv6EHAFXEA34Cskw@mail.gmail.com>
References:  <CA%2Bq%2BTcqw7uHLV3=DeZF4=i0hbmECkPP-d5-4ReSQqKCV-JaJ=Q@mail.gmail.com> <52F5363D.8040102@freebsd.org> <CA%2Bq%2BTcrZZb5o51F4pvLtxKM%2BNvO6SdVEQk_UMLLYSF8JfK6gpg@mail.gmail.com> <CA%2BtpaK2QCoxRocF7=zY3j9VETM7SJqFSVwpFGC0DuPSgFKJwZA@mail.gmail.com> <CAGBxaXmgzLncYi-5YPamqXD2nYvHi_eMUGQQe3hDmPEdyxd5%2Bw@mail.gmail.com> <CA%2BtpaK1VEw%2BRMfqLBukaXXADXtW82gC73TzXtiVGhSc9DrN=Qw@mail.gmail.com> <CAGBxaXk=NxY%2BENmCaW_GmHJCxYDR1-W-41W__xooTjz=ic1UEg@mail.gmail.com> <CA%2BtpaK3WvyZ2_Y5XunLV57hhwqpDFoRqQSZAxF=SKS4wib0t0A@mail.gmail.com> <CAGBxaXmFhZtJECH5-d_nY=e2ek=1ANFTsLTv6EHAFXEA34Cskw@mail.gmail.com>

On Sat, Feb 8, 2014 at 2:14 PM, Aryeh Friedman <aryeh.friedman@gmail.com> wrote:
>
>
> It sounds almost identical to the qcow2 security issue being discussed on
> qemu-devel@qemu.org recently. This might be a *HUGE* win for bhyve then
> in considering that its default format is raw (should ahci-hdd be the
> default?). devel/qemu (not sure about -dev) uses qcow2 as a default and
> when playing with it on other OSes I found that it seemed to default to
> that also. It is my understanding that most of the open source cloud
> platforms use qcow2 as their default also (I remember this from an attempt
> to install openstack grizzly last summer... I have not checked havana
> though... can any of the freebsd-openstack confirm this?).
>

I don't consider it a huge win because the possibility of using an insecure
device precludes it.  Someone high on the tree bhyve needs to confirm or
deny this otherwise it is unsafe to recommend bhyve or petitecloud.  No
offense intended, I really hope it succeeds and will likely use it if it
does.  I cannot use anything which leaves the host open.  I am also unclear
on how bhyve bypasses GEOM which *should* prevent any of the symptoms
discussed.


-- 
Adam


