It's why I try to deploy xen dom0s without any QEMU installed at all; reading th... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

csirac2 on May 13, 2015 | parent | context | favorite | on: Venom – A security vulnerability in virtual floppy...

It's why I try to deploy xen dom0s without any QEMU installed at all; reading through past xen CVEs was enough to convince me that HVM guests seem more exposed.. If anybody knows a writeup on what you might lose in terms of isolation and protection from guest escapes by sticking to PV, please do share

cjhanks on May 14, 2015 [–]

Paravirtualization loses instructions which are useful for high performance computing. That's not relevant to isolation/protection... but it is worth mentioning.

TheLoneWolfling on May 14, 2015 | [–]

Like what? And is that an intrinsic loss, or is it a limitation of existing software, or is it a limitation of existing hardware?

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact