Matthew Dillon wrote: > I think the idea has merit, it just isn't being taken far enough. What > we really want here is a 'virtual machine'. The current jail subsystem > is still sharing the same kernel resources, data space, and code, > and thus could still panic the entire system and could still create > cross-jail security issues. I'm not comfortable with the idea of substituting VMs for jails. While they're not entirely orthogonal (a VM could be viewed as a jail with more separation), I have distinct uses for jails and VMs. Not so sure that a VM would help with panics. I think you'll just end up swapping one set of panic-causing bugs for another. Dave