cvs commit: src/sys/kern kern_proc.c
David Cuthbert
dacut at kanga.org
Tue Feb 1 18:44:31 PST 2005
Matthew Dillon wrote:
> I think the idea has merit, it just isn't being taken far enough. What
> we really want here is a 'virtual machine'. The current jail subsystem
> is still sharing the same kernel resources, data space, and code,
> and thus could still panic the entire system and could still create
> cross-jail security issues.

I'm not comfortable with the idea of substituting VMs for jails. While
they're not entirely orthogonal (a VM could be viewed as a jail with
more separation), I have distinct uses for jails and VMs.

Not so sure that a VM would help with panics. I think you'll just end
up swapping one set of panic-causing bugs for another.

Dave