From: mitchalsup@aol.com (MitchAlsup1)
Newsgroups: comp.arch
Subject: Re: Capabilities, Anybody?
Date: Mon, 18 Mar 2024 01:29:03 +0000
Organization: Rocksolid Light
Message-ID: <c5c74c91b5777ae696f39cead24c05ed@www.novabbs.org>

Scott Lurndal wrote:

> mitchalsup@aol.com (MitchAlsup1) writes:
>>Lawrence D'Oliveiro wrote:
>>
>>> On Thu, 14 Mar 2024 00:11:55 GMT, Scott Lurndal wrote:
>>
>>>> The architectural features supporting virtualization are designed to
>>>> isolate guests from both the hypervisor and other guests.
>>
>>> Providing an entire separate kernel for each VM is often unnecessary. If
>>> you need separation at the level of entire subsystems, as opposed to
>>> individual processes, then that’s what containers are for.
>>
>>
>>If you are running k Linuxes under a single HyperVisor, you should be able
>>to share all the Linux code after giving each of them their own VaS for data.

> Bad idea. Single point of failure. Impossible to update one without
> updating all. Linux does update code dynamically when loading and
> unloading kernel modules.

I actually have a 4-level system:: HyperVisor is the only layer that is not
allowed to crash (RISC-V calls this machine). Progressing towards less privilege
is GuestHV, GuestOS, and Application. Hypervisor provides only memory, timing,
and device identification services. GuestHV provides what most would call
the HyperVisor, GuestOS would be LINUX, and everybody knows what an application is.