Massimiliano,
The fact that the core code happens to reside in the kernel has no bearing
on the overall security posture. Developers either do a good job of
isolating guest/host code, or they don't.
As I'm sure you know, Xen has had a number of dom0 vm-escape
vulnerabilities in the past year. Dom0/domU inherently offers no more
security than the KVM model. It's all about implementation.
Chris
On February 26, 2017 6:34:48 AM Massimiliano Cuttini <max@xxxxxxxxxxxxx> wrote:
Hi Lindsay,
as far as I know, KVM stands for KERNEL VIRTUAL MACHINES.
When a VM is talking to KVM, in reality it's talking directly to the kernel
hypervisor.
There is not any software layering that is running the virtualization
for you.
It's just the kernel.
This means: really high performance (no intermediates) but the kernel is
exposed to upstream attacks.
On 26/02/2017 06:04, Lindsay Mathieson wrote:
On 26/02/2017 12:12 AM, Massimiliano Cuttini wrote:
The pity is that it is based on KVM, which as far as I know is a light
hypervisor that is not able to isolate the virtual machine properly.
Due to this it is possible to freeze the hypervisor kernel from a guest
virtual machine, allowing somebody to freeze all your VMs all at once.
Ummmmm ... No. KVM/Qemu is fully virtualised.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com