From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Thu, 8 Jan 2009 09:43:14 -0800 From: "Roman V. Shaposhnik" In-reply-to: <13426df10901070855t49869a03k3db4fb51b69373a3@mail.gmail.com> To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Message-id: <1231436594.5141.255.camel@goose.sun.com> MIME-version: 1.0 Content-type: text/plain Content-transfer-encoding: 7BIT References: <9D53E35A-6A8A-43C7-A1A7-98D566FC061A@sun.com> <94fd010cc7b6b876b4fb7da01f109fd0@quanstro.net> <13426df10901070855t49869a03k3db4fb51b69373a3@mail.gmail.com> Subject: Re: [9fans] directly opening Plan9 devices Topicbox-Message-UUID: 7d20072e-ead4-11e9-9d60-3106f5b1d025 On Wed, 2009-01-07 at 08:55 -0800, ron minnich wrote: > The underlying assumption of motivation for this discussion is that > jailing (or whatever we want to call it) is somehow a good thing. > Given that every CPU we care about comes with virtualization hardware, > I just can't see the point of jails -- seems like an idea whose time > has gone, kind of like 8086 segments. > > If we give up on using RFNOMNT as a jailing mechanism, do the concerns > really make any sense? Well, as was pointed out before -- not all hardware supports virtualization. And it would be a mistake to stick a virtualization layer into every bit of silicone. The discussion here is really about one kernel vs. many. Hardware not being able to run many gives you one constraint. Another issue is that many kernels don't share anything unless explicitly told so. A single kernel have access to everything and thus needs to be explicitly told when access to resources is NOT to be granted. Just two ways to think about it. Don't know which one is better. Thanks, Roman.