

Jailhouse: A Linux-based Partitioning Hypervisor - gluegadget
https://github.com/siemens/jailhouse

======
fragmede
The official announce email (
[https://lwn.net/Articles/574273/](https://lwn.net/Articles/574273/) )
provides a bit more detail, including a link to the Jailhouse presentation at
this year's KVM Forum for the differences between KVM and Jailhouse:
[https://docs.google.com/file/d/0B6HTUUWSPdd-
Zl93MVhlMnRJRjg](https://docs.google.com/file/d/0B6HTUUWSPdd-Zl93MVhlMnRJRjg)

~~~
j_s
[https://github.com/siemens/jailhouse](https://github.com/siemens/jailhouse)

------
staunch
This is the most exciting kind of virtualization I've seen. I wish it was
ready for prime time so I could use it for real!

------
Daviey
This is interesting, in that it seems to be in compeiting space to LXC.. but
makes use of VMX for machine isolation rather than using namespace / cgroups.

It's a shame they haven't provided some benchmarks...

~~~
baruch
It can't be competing with LXC, with LXC you can do over-provisioning of the
server and maximize the utilization. With Jailhouse you under-subscribe your
system in order to get maximal separation and performance guarantees.

I can see using this for real-time applications alongside management stuff and
for separating critical and possibly buggy kernel drivers to where they can't
harm the rest of the system.

~~~
rbanffy
Be fair. It can be said they compete, but, due to their very different design
priorities, they don't compete directly.

I don't think the benchmarks make much sense in this situation, unless you
measure server utilization and performance guarantees (which is the dimension
in which they differentiate themselves).

~~~
baruch
You are right.

One could use LXC for completely allocating a CPU for some container so they
can compete on one aspect. LXC still doesn't run on bare-metal and so can't
take on the cpu separation for hardware accesses but there is a dimension in
which they compete.

~~~
rbanffy
That's a really interesting idea - LXC and Jailhouse can be stacked in order
to achieve both of their design goals.

------
ithkuil
How do guests (ehm, inmates?) get access to shared hardware?

~~~
lambda
As far as I can tell, there is no shared hardware. The point is that it
dedicates certain hardware to the guests, and they have full access to it.

This is not supposed to fit into the same space as Xen or KVM; it's supposed
to give the guest pretty much bare-metal control over the resources that you
give it, with minimal interference from the host, so it can be used for real-
time applications even if the host kernel is not real-time.

~~~
ithkuil
Ok, makes sense. But then "jail" is a bad name for it, I'm sure inmates have
to use a lot of shared hardware in the real life. In fact "partition" conveys
the right meaning.

------
bdg
I've been working with FreeBSD Jails for quite a while now and this looks like
a clone for Linux.

For those who don't know, a FreeBSD Jail is a virtualization on the OS level
(rather than Hardware level as provided by VirtualBox et al). It's similar in
concept to creating a chroot, but you're also locking down processes.

[http://www.freebsd.org/doc/handbook/jails.html](http://www.freebsd.org/doc/handbook/jails.html)

~~~
lucian1900
LXC is the Jails equivalent.

Jailhouse appears to be almost like an exokernel.

