LWN: Comments on "Kernel Summit 2006: Paravirtualization and containers"
https://lwn.net/Articles/191923/

This is a special feed containing comments posted to the individual LWN article titled "Kernel Summit 2006: Paravirtualization and containers".

mp, Thu, 20 Jul 2006 18:02:33 +0000
https://lwn.net/Articles/192170/

> Finally, there was some concern that containers might prove to be a useful tool for rootkit writers. With a bit of effort, a rootkit could put everybody within a container and, thus, easily hide itself.

Note that apparently the hardware support for virtualization brings the threat of a hypervisor-based rootkit (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html) without the OS even supporting any kind of virtualization itself.

dlang, Thu, 20 Jul 2006 01:05:24 +0000
https://lwn.net/Articles/191993/

I understand the reluctance of the kernel folks to support binary blobs, but the VMI interface is well defined and has many uses with open source binary blobs (the examples that were given about things to allow incompatible versions of Xen clients and servers should have been open source, and the one that allows a client-compiled kernel to run on bare hardware should be a trivial open source one), so I hope they aren't throwing out a useful tool just because it can be abused.

This seems very similar to the new high-performance syscalls in design, just adapted for the kernel to use to run privileged commands, and with a tightly specified interface so that it will remain the same across systems (and this isn't just a closed-source thing. Different releases of Linux kernels have very different internal APIs; it's really nice to be able to have different versions of clients on one host, specifically including old versions running on a newer host).