From owner-freebsd-virtualization@FreeBSD.ORG Sat Feb 8 21:07:56 2014
From: Adam Vande More
To: Aryeh Friedman
Cc: FreeBSD virtualization
Date: Sat, 8 Feb 2014 15:07:56 -0600
Subject: Re: Report of my virtual network lab migrated from virtualbox to bhyve
References: <52F5363D.8040102@freebsd.org>
List-Id: freebsd-virtualization@freebsd.org
"Discussion of various virtualization techniques FreeBSD supports."

On Sat, Feb 8, 2014 at 2:57 PM, Aryeh Friedman wrote:
>
> On Sat, Feb 8, 2014 at 3:54 PM, Adam Vande More wrote:
>
>> On Sat, Feb 8, 2014 at 2:14 PM, Aryeh Friedman wrote:
>>
>>> It sounds almost identical to the qcow2 security issue being discussed
>>> on qemu-devel@qemu.org recently. This might be a *HUGE* win for bhyve
>>> then, considering that its default format is raw (should ahci-hdd be the
>>> default?). devel/qemu (not sure about -dev) uses qcow2 as a default and
>>> when playing with it on other OSes I found that it seemed to default to
>>> that also. It is my understanding that most of the open source cloud
>>> platforms use qcow2 as their default also (I remember this from an attempt
>>> to install openstack grizzly last summer... I have not checked havana
>>> though... can any of the freebsd-openstack confirm this?).
>>
>> I don't consider it a huge win because the possibility of using an
>> insecure device precludes it. Someone high on the tree bhyve needs to
>> confirm or deny this; otherwise it is unsafe to recommend bhyve
>> or petitecloud. No offense intended, I really hope it succeeds and will
>> likely use it if it does. I cannot use anything which leaves the host
>> open. I am also unclear on how bhyve bypasses GEOM, which *should* prevent
>> any of the symptoms discussed.
>
> The point was that raw has no issue and this is the default for both bhyve
> and petitecloud (to avoid certain list politics I didn't mention it by name
> before). Sparse is the issue and thus qemu, openstack and cloudstack (as
> well as likely vbox) are a problem.

Yes, but bhyve *supports* other backing devices than raw, correct? Then this
is really bad. I don't want a politics game either, just saying you won't get
adoption until security is clear.
I have no problem with you mentioning petitecloud. Indeed I think you should,
but others may disagree. In your opinion, are ZVOLs a good option?

-- 
Adam