write news article about virtual kernel
Matthew Dillon
dillon at apollo.backplane.com
Tue Jan 30 11:05:31 PST 2007
:That's what I was saying: It's a debugging tool to develop a driver,
:and once it's "done", it can just be loaded into the host kernel
:instead of the virtual kernel. If that virtual kernel is there for the
:express purpose of hosting drivers and not untrusted processes and
:users, then security isn't any worse than keeping it in the host
:kernel. Maybe it's even more secure if a buggy driver which could have
:taken over the kernel will instead only take over the virtual kernel,
:or (more likely) fail entirely and get a segfault. It has practical
:uses if the use-case of sandboxing processes is kept well separate
:from sandboxing drivers, but yes, it does have to be implemented well
:to be useful at all even for debugging.
:
:---
:Dmitri Nikulin
I think it would be useful too, but I also think someone else
will have to take up the ball on implementing it. I've done the
hardest part... making the vkernel work in the first place. Now
hopefully those with an interest in expanding it will start
working on it :-)
-Matt
More information about the Users
mailing list