LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Qubes, Xen vs containers

Qubes, Xen vs containers

Posted Sep 8, 2012 14:25 UTC (Sat) by davecb (subscriber, #1574)
In reply to: Qubes 1.0 released by einstein
Parent article: Qubes 1.0 released

That was the experience of the Solaris developers: they wanted a secure and lightweight mechanism, so they adapted code that was already in the kernel to provide security isolation and simplified it to produce the appearance of virtual machines.

The initial solaris "zones" were extremely lightweight, since their code paths were already being executed. And they had their security designed in from (before!) the beginning.

They were then extended with resource management to create full "containers".

Right from the beginning, they were simple and elegant, and adding the third generation of resource controls didn't mess them up at all (:-))

From that experience, I think a distribution with Linux containers would be a particularly good base from which to create a secure desktop.

--dave

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds