Re: cvs commit: src/sys/kern kern_proc.c
On Tue, 1 Feb 2005 10:32:24 -0800 (PST), Matthew Dillon
<dillon@apollo.backplane.com> wrote:
>
> :While Paul's suggestion was obviously in jest, I'd have to say that it's
> :probably *not* a good idea to implement it, regardless of the expense,
> :unless it can be demonstrated that this can somehow reveal privileged
> :information. This would defeat programs (e.g., sendmail) which attempt
> :to back off when system load gets too high.
> :
> :Dave
>
> I think the idea has merit, it just isn't being taken far enough. What
> we really want here is a 'virtual machine'. The current jail subsystem
> is still sharing the same kernel resources, data space, and code,
> and thus could still panic the entire system and could still create
> cross-jail security issues.
>
> But when it comes right down to it it should be possible to run pretty
> much the entire kernel, minus the device drivers, as a user level process.
> All we really need is some way to manage the VM space for the 'user'
> processes and route system call requests for those processes to the
> simulated kernel rather then the real kernel.
>
> This would be a worthy goal. I think also very doable... and a very, very
> powerful tool.
>
> -Matt
I think I would rather just use Xen.
--
-David
Steven David Rhodus
<drhodus@machdep.com>
討論串 (同標題文章)
完整討論串 (本文為第 8 之 10 篇):