Date: Sat, 8 Feb 2014 14:54:25 -0600
Subject: Re: Report of my virtual network lab migrated from virtualbox to bhyve
From: Adam Vande More
To: Aryeh Friedman
Cc: FreeBSD virtualization
List-Id: "Discussion of various virtualization techniques FreeBSD supports."

On Sat, Feb 8, 2014 at 2:14 PM, Aryeh Friedman wrote:

> It sounds almost identical to the qcow2 security issue being discussed on
> qemu-devel@qemu.org recently. This might be a *HUGE* win for bhyve then
> in considering that its default format is raw (should ahci-hdd be the
> default?). devel/qemu (not sure about -dev) uses qcow2 as a default and
> when playing with it on other OSes I found that it seemed to default to
> that also. It is my understanding that most of the open source cloud
> platforms use qcow2 as their default also (I remember this from an attempt
> to install openstack grizzly last summer... I have not checked havana
> though... can any of the freebsd-openstack confirm this?).

I don't consider it a huge win because the possibility of using an insecure
device precludes it. Someone high on the tree bhyve needs to confirm or
deny this otherwise it is unsafe to recommend bhyve or petitecloud. No
offense intended, I really hope it succeeds and will likely use it if it
does. I cannot use anything which leaves the host open. I am also unclear
on how bhyve bypasses GEOM which *should* prevent any of the symptoms
discussed.

--
Adam