Re: Secure KVM

On Mon, 7 Nov 2011, Sasha Levin wrote:
> Yup, but you must somehow communicate with the master process, and this
> is currently missing from the lguest implementation since everything is
> shared (vm + fds).
>
> If you simply unshare it, you must have a different method of talking
> with the master process. I suggested doing it using unix sockets, and am
> wondering how Rusty did it in his patch.

The model I've heard people talk about is using seccomp, which can be used for any IPC that works with file descriptors.

			Pekka
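
The model discussed in this message, as an added example (not code from the thread, lguest or the kvm tool): a worker forked by the master keeps only its end of a `socketpair()` and then installs a seccomp filter that allows just `read`, `write` and `exit_group`, so the inherited socket is its only channel back to the master. The names `confine` and `run_worker`, the reply-with-double "protocol" and the choice of seccomp filter mode are assumptions of this example.

```c
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#ifdef __aarch64__
#define WORKER_ARCH AUDIT_ARCH_AARCH64
#else
#define WORKER_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 unless built for arm64 */
#endif
/* Hypothetical helper: allow only read, write and exit_group; anything else kills. */
static int confine(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, WORKER_ARCH, 0, 4),  /* wrong ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
           prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Master side (hypothetical): 0 = clean worker exit, >0 = killing signal, <0 = setup failure. */
int run_worker(int request, int misbehave, int *reply) {
    int sv[2], status, v;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || (pid = fork()) < 0) return -1;
    if (pid == 0) {                          /* worker: keeps only its end of the socket */
        close(sv[0]);
        if (confine() || read(sv[1], &v, sizeof v) != sizeof v) _exit(2); /* fail closed */
        if (misbehave) syscall(SYS_getpid);  /* not on the allow list: killed with SIGSYS */
        _exit(write(sv[1], &(int){ 2 * v }, sizeof v) == sizeof v ? 0 : 3);
    }
    close(sv[1]);
    *reply = -1;                             /* stays -1 if the worker dies before replying */
    if (send(sv[0], &request, sizeof request, MSG_NOSIGNAL) == sizeof request &&
        read(sv[0], &v, sizeof v) == sizeof v) *reply = v;
    close(sv[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -WEXITSTATUS(status);
}
```

`run_worker(21, 0, &r)` returns 0 with `r == 42`; with `misbehave` set, the worker's `getpid` call is refused by the filter and the function returns `SIGSYS` with `r` left at -1.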