Hacker News new | ask | show | jobs
by icebraining 3281 days ago
Nope, common pages are no longer shared between VMs, because it was demonstrated that was a bad idea, security-wise:

upcoming ESXi Update releases will no longer enable TPS between Virtual Machines by default

https://kb.vmware.com/selfservice/microsites/search.do?langu...
2 comments
AstralStorm 3281 days ago
Guess what, if it is a bad idea for a VM, it must be exponentially worse for something less isolated.
link
icebraining 3281 days ago
Yes. Thankfully, the point is that using the regular container model you don't need memory page sharing, because there's only one kernel anyway, not a copy per each container.
link
AstralStorm 3281 days ago
Page cache and disk cache are quite shared between containers...
link
icebraining 3281 days ago
And they share a CPU, too. Please come back with an actual point (like a link describing a attack on encryption using that shared cache), as I don't have time to make one for you.
link
j_s 3281 days ago
Administrators may revert to the previous behavior if they so wish.

Sounds like a sane change to the defaults, but anyone who isn't securing against 3rd party code can turn it back on (to return to much more Docker-like security/performance).

link