Jailhouse ndeye Linux-yakavakirwa partitioning hypervisor (Yakave yakagadzirwa seyemahara GPLv2 software chirongwa). Ndizvo inokwanisa kumhanya izere mafomu kana anoshanda masystem (yakashandurwa) kuwedzera kune Linux. Nechinangwa ichi, cgadzira hunhu hwekuona hweCPUs nemidziyo yepuratifomu Hardware kuitira kuti pasave neaya madunhu, anonzi "maseru," anogona kupindirana neimwe nzira isingagamuchirwe.
Izvi zvinoreva kuti Jailhouse haina kutevedzera zviwanikwa iwe zvausina. Zvakare inopatsanura Hardware muzvikamu zviri zvoga zvinonzi "masero" Ivo vakazvipira chose kune software yevaenzi inonzi "vasungwa".
About Jailhouse
Jailhouse yakagadziridzwa kuti ive nyore pane kupfuma kwezvinhu. Kusiyana izere-inoratidzwa Linux-based hypervisors seKVM kana Xen, Jailhouse haitsigire zviwanikwa pamusoro pekuzvipira senge CPU, RAM kana zvishandiso. Izvo hazviite chero chirongwa uye zvinongogonesa izvo zviwanikwa mu software, izvo zvakakosha papuratifomu uye hazvigone kuganhurwa pane Hardware.
Kamwe Jailhouse painomisikidzwa, inomhanya zvizere, zvichireva kuti inotora kutonga kwakazara pamusoro pehardware uye haidi rutsigiro rwekunze.
Iyo hypervisor inoitwa se module yeLinux kernel uye inopa kernel-level virtualization. Zvinhu zvevashanyi zvakatove zvakaverengerwa mune huru Linux kernel.
Kudzora kuzviparadzanisa, michina yekugadzirisa michina inoshandiswa yakapihwa nemaCUUs emazuva ano. Zvinhu zvinosiyanisa Jailhouse ndiko kuita kwayo kureruka uye maitiro ayo akananga kubatanidza chaiwo michina kune yakagadziriswa CPU, RAM nharaunda, uye zvishandiso zvemahara. Maitiro aya anogonesa kushanda kwenzvimbo dzinoverengeka dzakazvimiririra pane chaiyo panyama multiprocessor server, imwe neimwe inopihwa yayo processor processor.
Nesungo rakabatana neCUU, pamusoro peiyo hypervisor mashandisirwo anoderedzwa uye kuitiswa kwayo kwakareruka, nekuti hapana chikonzero chekuita yakaoma sosi yekugovera murongi - kugovera yakaparadzaniswa CPU musimboti inoona kuti haisi ita mamwe mabasa pane iyi CPU.
Kubatsira kweiyi nzira kugona kupa kuvimbiswa kuwana zviwanikwa uye kuita kunofungidzirwa mashandiro, zvichiita Jailhouse mhinduro yakakodzera yekugadzira chaiyo-nguva mabasa. Iyo yepashure ishoma scalability, inoenderana nenhamba yeCPU cores.
Nezve iyo nyowani vhezheni yeJailhouse 0.12
Parizvino, Jailhouse iri mune yayo vhezheni 0.12 uye inosimbisa iyo tsigiro yeRaspberry Pi 4 Model B uye Texas Instruments J721E-EVM.
Pamusoro peiyo ivshmem chishandiso yaishandiswa kuronga kudyidzana pakati pemasero, rakagadziriswazve uye kuti rinogona zvakare kuita kutakura kweVIRTIO.
Iko kugona kudzikisira kugadzirwa kwemapeji makuru ekurangarira (peji hombe) yakaitwa kuvhara CVE-2018-12207 kudzvinyirira pane maIntel processors, ichibvumira murwi asina rombo kuti atange kuramba basa, zvichitungamira kuchando system mu "Machine Verification Error" nyika.
Kune masystem ane ARM64 processor, SMMUv3 inotsigirwa (System Memory Management Unit) uye TI PVU (Peripheral Virtualization Unit). Kune nharaunda sandbox inomhanya pamusoro pekombuta, PCI rutsigiro rwakawedzerwa.
Pane x86 masystem zvinokwanisika kugonesa CR4 maitiro. (Yevashandisi nzira yekudzivirira yekudzivirira) yakapihwa neIntel processors, iyo inobvumidza kurambidza kuitiswa kwemimwe mirayiridzo munzvimbo yemushandisi, senge SGDT, SLDT, SIDT, SMSW uye STR, iyo inogona kushandiswa mukurwisa kwakanangana nekuwedzera iyo ropafadzo pasystem.
Tora Jailhouse
Jailhouse inotsigira mashandiro pane x86_64 masystem ine VMX + EPT kana SVM + NPT (AMD-V) yekuwedzeredza, pamwe nepama processor ARMv7 uye ARMv8 / ARM64 pamwe nekuwedzera kwekuwedzera.
Kunyange pamusoro pezvo, jenareta yemifananidzo iri kuvandudzwa iyo yakavakirwa pamapakeji eDebian emidziyo inoenderana.
Iwe unogona kuwana kuunganidzwa uye yekumisikidza mirairo, pamwe nerumwe ruzivo Mune inotevera chinongedzo.