On Mon, Mar 26, 2012 at 00:52, intrigeri <[email protected]> wrote:
> I'm curious about what resources proved to be limiting during your
> experiments, and what "too demanding" means in your use cases.

Well, Intel VT / AMD-V virtualization extensions are rarely available on laptops, and without these extensions (accessible, e.g., via KVM), running a virtualized instance is extremely slow (startup time is also very high if only doing that for specific applications, even with KVM). There are also RAM requirements — how much do you allocate? This needs to be decided in advance, regardless of how much memory the user needs for performing the task in the VM.

> I would be happy to learn why you consider this is pointless.

Relying on such (intrinsically complex) VM separation for security of specific applications means that you don't trust your system to perform basic tasks like user privileges separation (e.g., when unsafe browser is run under dedicated user credentials). This is somewhat contradictory. For tasks like abstracting network interfaces and other hardware, the user can run everything in a VM by themselves — why force it on everyone?

For approaches like Qubes OS, see my comment here: https://forum.dee.su/topic/gui-isolation.

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
