Date: Thu, 21 Nov 2013 12:12:40 -0200 From: Alexandre Biancalana <biancalana@gmail.com> To: Eitan Adler <lists@eitanadler.com> Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org> Subject: Re: VPS / Jail / Bhyve File System isolation Message-ID: <CAGF-nS5Sth20FtS-XGgQf_PkwrKFkCjW0U_SvJEkbxiBg7wX-Q@mail.gmail.com> In-Reply-To: <CAF6rxgmkUnyENS=_y-jCjnQdBqgeDX4K2xJh6SSJ=7syss3T=A@mail.gmail.com> References: <BLU179-W2710DC567151403C38377AC6E60@phx.gbl> <CAF6rxgmkUnyENS=_y-jCjnQdBqgeDX4K2xJh6SSJ=7syss3T=A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 21, 2013 at 12:48 AM, Eitan Adler <lists@eitanadler.com> wrote: > On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauz=E9 <brunolauze@msn.com> wrot= e: > > > > Using jails, customers are uncomfortable with the fact documents can be > accessed from the host with root access.Project VPS seems to isolate more > the guest from the host but not as well as an hypervisor like bhyve. With > an hypervisor what the client have is private, as long as the host can > manage the disk, delete it, but the information is kept private from the > host. > > Any suggestions how to offer jail, vps, or anything containers > techniques with total file system isolation from the host, or the only wa= y > is to go hypervisor, with the performance and instances count penalty tha= t > goes with it? > > Untrusted hypervisors is an active area of academic research. > However, any such scheme requires additional hardware support. > > If you are interested I can give you some papers to look at. I'm interested, can you provide the links of the papers ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGF-nS5Sth20FtS-XGgQf_PkwrKFkCjW0U_SvJEkbxiBg7wX-Q>