cvs commit: src/sys/kern kern_proc.c

David Cuthbert dacut at kanga.org
Tue Feb 1 18:44:31 PST 2005


Matthew Dillon wrote:
    I think the idea has merit, it just isn't being taken far enough.  What
    we really want here is a 'virtual machine'.  The current jail subsystem
    is still sharing the same kernel resources, data space, and code,
    and thus could still panic the entire system and could still create 
    cross-jail security issues.

I'm not comfortable with the idea of substituting VMs for jails.  While
they're not entirely orthogonal (a VM could be viewed as a jail with 
more separation), I have distinct uses for jails and VMs.

Not so sure that a VM would help with panics.  I think you'll just end 
up swapping one set of panic-causing bugs for another.

Dave




