
AWS Firecracker Open Source: Secure and Fast MicroVM for Serverless Computing - areski
https://aws.amazon.com/blogs/opensource/firecracker-open-source-secure-fast-microvm-serverless/
======
sciurus
Duplicate of
[https://news.ycombinator.com/item?id=18539539](https://news.ycombinator.com/item?id=18539539)

------
Spidler
New, secure, VM..

    sudo chmod 777 /dev/kvm

But... but... almost.

~~~
gtsteve
Oh dear. Given the audience for this article I'd assume that readers know that
this configuration is not suitable for production... but then again it would
probably be a good idea for the article to state that!

~~~
aliguori
Hi, I work at AWS and before that on KVM since it was a thing.

Restricting /dev/kvm these days doesn't make much sense. The interface is
designed to be safe for any user. The fact that we started as a character
device and not syscalls is just a historical decision.

~~~
gtsteve
Thank you, I have learned something new! I believed it was somewhat similar to
having access to the Docker socket and I was always sure to restrict it.
Everyone please ignore me.
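
For readers who want to see what mode their own `/dev/kvm` carries, here is an added example (not from the thread, the linked article or the Firecracker project) that reports whether a device node is open to all local users and whether execute bits are set. The function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: inspect the permission bits discussed above.
# kvm_mode_findings and kvm_audit are hypothetical helper names.

# kvm_mode_findings MODE
# Prints findings for an octal mode as it applies to a character device.
kvm_mode_findings() {
    case "$1" in
        ''|*[!0-7]*) echo "invalid"; return 2 ;;
    esac
    m=$((0$1))                      # leading 0 forces octal interpretation
    if [ $((m & 0006)) -eq $((0006)) ]; then
        out="world-rw"              # every local user can open the node read/write
    else
        out="not-world-rw"          # access depends on owner, group or ACLs
    fi
    if [ $((m & 0111)) -ne 0 ]; then
        # Execute bits have no effect on a character device, so for
        # opening the device 777 grants nothing beyond 666.
        out="$out exec-bits"
    fi
    echo "$out"
    return 0
}

# kvm_audit PATH
# Prints mode, owner and group of PATH with the findings (GNU stat assumed).
kvm_audit() {
    info=$(stat -c '%a %U %G' "$1" 2>/dev/null) || {
        echo "$1: cannot stat (missing, or stat -c unsupported)"
        return 0
    }
    mode=${info%% *}
    echo "$1: mode=$mode owner/group=${info#* } findings=$(kvm_mode_findings "$mode")"
}

# Report on the local device node if this host has one.
if [ -e /dev/kvm ]; then
    kvm_audit /dev/kvm
fi
```

A `not-world-rw` result means access is governed by the owning user, the owning group (often `kvm`) or an ACL rather than by the "other" bits.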

