On Mon, 2007-04-09 at 16:05 +0200, Daniel Hokka Zakrisson wrote:
> Martin wrote:
> > On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote:
> >>> Something is soliciting my curiosity though:
> >>>
> >>> - privacy for guests, which will hide things from xid 1
> >>>
> >>> I am not sure I am fond of that "privacy" thing.
> >> That's why it's configurable ;-)
> > <snip>
> >>> Isn't supposed to be able to see everything in the system?
> >> Well, not if you want to protect the guests from the host.
> >
> > At the risk of sounding ungrateful for all of the hard work done on
> > vserver - what is the 'use case' for this feature? As I understand it
> > there is nothing to keep the host from playing with /dev/kmem or
> > otherwise tampering with the kernel, so I can't see how a feature like
> > this will provide any strong guarantees; unless hierarchies of contexts
> > (which would be extremely cool) are planned. Or is it just intended as
> > a 'speed bump' / politeness feature?
>
> Of course the host admin can still do whatever she wants, but if you're
> in the business of selling truly private guests, i.e. guests without
> VXF_STATE_ADMIN (meaning they cannot be administered from the host), a
> kernel with privacy enabled, each guest living on an encrypted device
> only the guest has access to etc., doing so would probably not be
> appreciated by the clientele.

So it is a politeness feature; whose existence is aimed at reassuring users of guests that the host's admins are behaving themselves.

Thanks.

Cheers,
 - Martin
