On Wed, Nov 20, 2013 at 1:03 PM, Miroslav Lachman <000.f...@quip.cz> wrote:
> Bruno Lauzé wrote: > >> >> Using jails, customers are uncomfortable with the fact documents can be >> accessed from the host with root access.Project VPS seems to isolate more >> the guest from the host but not as well as an hypervisor like bhyve. With >> an hypervisor what the client have is private, as long as the host can >> manage the disk, delete it, but the information is kept private from the >> host. >> Any suggestions how to offer jail, vps, or anything containers techniques >> with total file system isolation from the host, or the only way is to go >> hypervisor, with the performance and instances count penalty that goes with >> it? >> > > There is the same problem with all hypervisors. Nothing prevents > hypervisor admin to do a snapshot image and mount it as another disk to > other OS and access the data. > So nothing is private at this virtualisation level. (without encrypted > disks) To make matters worse many hypervisors (including bhyve) use raw image files (in bhyve's case md(4) mountable ones) _______________________________________________ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
