write news article about virtual kernel
Dmitri Nikulin
dnikulin at gmail.com
Sun Jan 28 13:40:48 PST 2007
On 1/28/07, Matthew Dillon <dillon at apollo.backplane.com> wrote:
No. Frankly I do not think it is a good idea to allow any
production virtualization mechanism to ever have direct access
to hardware. It destroys the layering that gives virtualization
stability and security... no matter how good the implementation is.
As a debugging tool it might be useful, but that is about as
far as I would ever consider taking it.
That's what I was saying: It's a debugging tool to develop a driver,
and once it's "done", it can just be loaded into the host kernel
instead of the virtual kernel. If that virtual kernel is there for the
express purpose of hosting drivers and not untrusted processes and
users, then security isn't any worse than keeping it in the host
kernel. Maybe it's even more secure if a buggy driver which could have
taken over the kernel will instead only take over the virtual kernel,
or (more likely) fail entirely and get a segfault. It has practical
uses if the use-case of sandboxing processes is kept well separate
from sandboxing drivers, but yes, it does have to be implemented well
to be useful at all even for debugging.
---
Dmitri Nikulin
Centre for Synchrotron Science
Monash University
Victoria 3800, Australia
email: dnikulin at gmail.com