|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2019-05-01 19:30:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Containers and address space separation
James Bottomley began his talk at the 2019 Linux Storage, Filesystem, and
Memory-Management Summit (LSFMM) by noting that the main opposition to his ideas
was not present at the summit, which was likely to mean the ideas got a much
easier reception than they would have otherwise. In particular, Peter
Zijlstra and Ingo Molnar expressed some strong reservations to the work
that Bottomley's colleague Mike Rapoport posted
recently; none of those three were in attendance at LSFMM. The idea is to
use address spaces to reduce the attack surface available to virtual
machines (VMs) and containers such that kernel bugs of various sorts have
less reach on multi-tenant systems.
James Bottomley began his talk at the 2019 Linux Storage, Filesystem, and
Memory-Management Summit (LSFMM) by noting that the main opposition to his ideas
was not present at the summit, which was likely to mean the ideas got a much
easier reception than they would have otherwise. In particular, Peter
Zijlstra and Ingo Molnar expressed some strong reservations to the work
that Bottomley's colleague Mike Rapoport posted
recently; none of those three were in attendance at LSFMM. The idea is to
use address spaces to reduce the attack surface available to virtual
machines (VMs) and containers such that kernel bugs of various sorts have
less reach on multi-tenant systems.
