DragonFly BSD
DragonFly commits List (threaded) for 2005-02

Re: cvs commit: src/sys/kern kern_proc.c

From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 1 Feb 2005 10:32:24 -0800 (PST)

:While Paul's suggestion was obviously in jest, I'd have to say that it's 
:probably *not* a good idea to implement it, regardless of the expense, 
:unless it can be demonstrated that this can somehow reveal privileged 
:information.  This would defeat programs (e.g., sendmail) which attempt 
:to back off when system load gets too high.

    I think the idea has merit, it just isn't being taken far enough.  What
    we really want here is a 'virtual machine'.  The current jail subsystem
    is still sharing the same kernel resources, data space, and code,
    and thus could still panic the entire system and could still create 
    cross-jail security issues.

    But when it comes right down to it, it should be possible to run pretty
    much the entire kernel, minus the device drivers, as a user level process.
    All we really need is some way to manage the VM space for the 'user' 
    processes and route system call requests for those processes to the
    simulated kernel rather than the real kernel.

    This would be a worthy goal.  I think also very doable... and a very, very
    powerful tool.

					Matthew Dillon 
