cvs commit: src/sys/kern kern_proc.c

David Rhodus sdrhodus at
Tue Feb 1 10:38:51 PST 2005

On Tue, 1 Feb 2005 10:32:24 -0800 (PST), Matthew Dillon
<dillon at xxxxxxxxxxxxxxxxxxxx> wrote:
> :While Paul's suggestion was obviously in jest, I'd have to say that it's
> :probably *not* a good idea to implement it, regardless of the expense,
> :unless it can be demonstrated that this can somehow reveal privileged
> :information.  This would defeat programs (e.g., sendmail) which attempt
> :to back off when system load gets too high.
> :
> :Dave
>     I think the idea has merit, it just isn't being taken far enough.  What
>     we really want here is a 'virtual machine'.  The current jail subsystem
>     is still sharing the same kernel resources, data space, and code,
>     and thus could still panic the entire system and could still create
>     cross-jail security issues.
>     But when it comes right down to it it should be possible to run pretty
>     much the entire kernel, minus the device drivers, as a user level process.
>     All we really need is some way to manage the VM space for the 'user'
>     processes and route system call requests for those processes to the
>     simulated kernel rather then the real kernel.
>     This would be a worthy goal.  I think also very doable... and a very, very
>     powerful tool.
>                                         -Matt

I think I would rather just use Xen.

                                            Steven David Rhodus
                                            <drhodus at xxxxxxxxxxx>

More information about the Commits mailing list