I don't think that is insecure.
bhyve can pass through a real device to a VM. By your point, that makes it
more insecure, right?

Such a configuration will not be enabled by default.
If the user intends to do it, the system has this ability instead of not implementing it.

Simple is best, less is secure. I know that. But the real world has all
kinds of requirements.
If you provide more, more people use it.

On Thu, Mar 19, 2020 at 12:58 PM Jason Tubnor <ja...@tubnor.net> wrote:
>
>
>
> On Thu, 19 Mar 2020 at 14:09, Wanpeng Qian <wanpengq...@gmail.com> wrote:
>>
>> > Can't you do what something like pci_passthru.c does in passthru_init,
>> > and open /dev/nvme0 in pci_nvme_init?
>>
>> Yes, you are correct. But that will keep /dev/nvme0 open all the time.
>> I am just thinking: when the guest fires a logpage command, open /dev/nvme0
>> and get the SMART info, then close /dev/nvme0.
>
>
> So are you implying that it is safe for a guest to send such a call at
> any time? For those that use bhyve for isolation, this sort of facility would
> be problematic, not to mention insecure.
_______________________________________________
freebsd-virtualization@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to 
"freebsd-virtualization-unsubscr...@freebsd.org"
