Re: cvs commit: src/sys/kern kern_proc.c
Matthew Dillon wrote:
> I think the idea has merit, it just isn't being taken far enough. What
> we really want here is a 'virtual machine'. The current jail subsystem
> is still sharing the same kernel resources, data space, and code,
> and thus could still panic the entire system and could still create
> cross-jail security issues.
I'm not comfortable with the idea of substituting VMs for jails. While
they're not entirely orthogonal (a VM could be viewed as a jail with
more separation), I have distinct uses for jails and VMs.
Not so sure that a VM would help with panics. I think you'll just end
up swapping one set of panic-causing bugs for another.
Dave