Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?

From: Daniel Hokka Zakrisson <>
Date: Mon 09 Apr 2007 - 15:05:25 BST
Message-ID: <>

Martin wrote:
> On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote:
>>> Something is solliciting my curiosity though:
>>> - privacy for guests, which will hide things from xid 1
>>> I am not sure I am found of that "privacy" thing.
>> That's why it's configurable ;-)
> <snip>
>>> Isn't supposed to be able to see everything in the system?
>> Well, not if you want to protect the guests from the host.
> At the risk of sounding ungreatful for all of the hard work done on
> vserver - what is the 'use case' for this feature? As I understand it
> there is nothing to keep the host from playing with /dev/kmem or
> otherwise tampering with the kernel, so I can't see how a feature like
> this will provide any strong guarentees; unless heirarchies of contexts
> (which would be extreemly cool) are planned. Or is it just intended as
> a 'speed bump' / politeness feature?

Of course the host admin can still do whatever she wants, but if you're
in the business of selling truly private guests, i.e. guests without
VXF_STATE_ADMIN (meaning they cannot be administered from the host), a
kernel with privacy enabled, each guest living on an encrypted device
only the guest has access to etc., doing so would probably not be
appreciated by the clientele.

Daniel Hokka Zakrisson
Vserver mailing list
Received on Mon Apr 9 16:08:03 2007
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 09 Apr 2007 - 16:08:06 BST by hypermail 2.1.8