果然:
IncludeOS services run in ring 0, in a single address space without protection. That's
a lot of power to play with. For example: Try asm("hlt") in a normal userspace
program - then try it in IncludeOS. Explain to the duck exactly what's going on ... and
it will tell you why Intel made VT-x (Yes IBM was way behind Alan Turing). That's a
virtualization gold nugget, in reward of your mischief. If you believe in these kinds of
lessons, there's always more Fun with Guns and Knives.
不知道这对服务的安全性会有什么影响
【 在 tgfbeta (酸菜面 健康品) 的大作中提到: 】
: unikernel是把应用/服务运行在内核空间吗?ring0?