Jarkko Sakkinen

Edited 1 month ago
I don't like hypervisors where the guest is like an extended entity of a process (/dev/kvm).

Or like, I get that at a data center where you lease resources, but actually the best possible scheme for running VMs at home is partitioning.

A good example is creating a VM running Windows with optimal perf, which requires tons of knowledge about even things like huge pages and how to control them and stuff like that. All that complexity comes from melding the process to be a bit like a partition of resources instead.

So when this came up, I thought that this is exciting exactly for home use:

https://github.com/siemens/jailhouse

I discovered it, if I recall correctly, at Open Source Summit or Plumbers when the bandwagon was at LA 2018. Totally made sense to me because it kind of does off the shelf the best defaults for home use.

I wonder what happened to this project, is it in upstream or making any progress? Not around a machine with my dev stuff to check this, so thus not checking myself :-)

Obviously this has some security advantages too, I guess. Given partitioning, lots of cross-VM side-channel scenarios are ruled out. I don't think you can e.g. use any Spectre derivative between two guests in Jailhouse (academic guess, I have not read its source code properly).