OpenBSD vmm/vmd Update [pdf] (bhyvecon.org)
104 points by fcambus on Mar 13, 2016 | 12 comments

Reyk Floeter's paper explains more about the implementation of the userland side, vmd(8), including its privsep design and the use of pledge(2):


OpenBSD's vmm(4) isn't related to FreeBSD bhyve, but Mike and Reyk were invited to talk about it in Tokyo. :-)

vmctl(8) docs don't mention send/receive commands.

Curious what exactly those do.


The way I understand it, it's not there, currently, more like something they want to support eventually.

With the current hype seeming to have moved from full VMs to containers, would there be more interest in porting Jails to OpenBSD?

Historically chroot and systrace have been felt to be "good enough" but they have in my experience been tedious to set up.

If there is one thing I've learned from being in the OpenBSD community for the past 10+ years, it's that current hype is of little to no interest to the folks writing code.

I think (please correct if I am wrong), systrace has some race conditions and is not considered completely secure.

"Applications that use clone()-like system calls to share the complete address space between processes may be able to replace system call arguments after they have been evaluated by systrace and escape policy enforcement."


OpenBSD apps leverage traditional approaches heavily like chroot and privilege separation through different users - even within applications but there is no network separation or similar as in jails or Linux namespaces.

I know that this is somewhat off the topic, but does anyone have anything I can read about implementing memory managers?

OSDev is a very good resource:


That deals a lot with theory, I am in need of some implementations that work. I've found things that don't work, but I need something I can start and play with.

Nothing really seems available which seems sad.

UVM, the virtual memory subsystem in BSDs, is actually very nicely explained in Charles Cranor's dissertation. An abridged version was presented at USENIX: https://www.usenix.org/legacy/event/usenix99/full_papers/cra... , and if you google around, you can find the full thesis.

So I would look around unikernels like IncludeOS. They might have something from Linux ready-to-use.

"– Support advanced processor features, but don't require them"

I like that a lot but I'd like to know it can do emulation.
