VPS / Jail / Bhyve File System isolation

Alexandre Biancalana biancalana at gmail.com
Thu Nov 21 14:12:41 UTC 2013


On Thu, Nov 21, 2013 at 12:48 AM, Eitan Adler <lists at eitanadler.com> wrote:

> On Wed, Nov 20, 2013 at 12:55 PM, Bruno Lauzé <brunolauze at msn.com> wrote:
> >
> > Using jails, customers are uncomfortable with the fact documents can be
> > accessed from the host with root access. Project VPS seems to isolate more
> > the guest from the host but not as well as a hypervisor like bhyve. With
> > a hypervisor what the client has is private, as long as the host can
> > manage the disk, delete it, but the information is kept private from the
> > host.
> > Any suggestions how to offer jail, vps, or any container
> > techniques with total file system isolation from the host, or the only way
> > is to go hypervisor, with the performance and instances count penalty that
> > goes with it?
>
> Untrusted hypervisors is an active area of academic research.
> However, any such scheme requires additional hardware support.
>
> If you are interested I can give you some papers to look at.


I'm interested, can you provide the links of the papers?


More information about the freebsd-virtualization mailing list