Date: Sat, 8 Feb 2014 15:57:27 -0500
Subject: Re: Report of my virtual network lab migrated from virtualbox to bhyve
From: Aryeh Friedman
To: Adam Vande More
Cc: FreeBSD virtualization

On Sat, Feb 8, 2014 at 3:54 PM, Adam Vande More wrote:

> On Sat, Feb 8, 2014 at 2:14 PM, Aryeh Friedman wrote:
>
>> It sounds almost identical to the qcow2 security issue being discussed on
>> qemu-devel@qemu.org recently. This might be a *HUGE* win for bhyve
>> then in considering that its default format is raw (should ahci-hdd be the
>> default?). devel/qemu (not sure about -dev) uses qcow2 as a default and
>> when playing with it on other OS's I found that it seemed to default to
>> that also. It is my understanding that most of the open source cloud
>> platforms use qcow2 as their default also (I remember this from an attempt
>> to install openstack grizzly last summer... I have not checked havana
>> though... can any of the freebsd-openstack confirm this?).
>
> I don't consider it a huge win because the possibility of using an
> insecure device precludes it. Someone high on the tree bhyve needs to
> confirm or deny this otherwise it is unsafe to recommend bhyve
> or petitecloud. No offense intended, I really hope it succeeds and will
> likely use it if it does. I cannot use anything which leaves the host
> open. I am also unclear on how bhyve bypasses GEOM which *should* prevent
> any of the symptoms discussed.

The point was that raw has no issue and this is the default for both bhyve
and petitecloud (to avoid certain list politics I didn't mention it by name
before). Sparse is the issue and thus qemu, openstack and cloudstack (as
well as likely vbox) are a problem.

--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org