Containers and kernel namespaces, and so forth are MEANINGLESS against the Meltdown and Sceptre problems. It's a hardware bug that lets any userspace process access anything the kernel can address. -----Original Message----- From: "Joel Wirāmu Pauling" Sent: Thursday, January 4, 2018 4:52pm To: "Dave Taht" Cc: "Jonathan Morton" , cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] KASLR: Do we have to worry about other arches than x86? Well as I've argued before Lede ideally should be using to Kernel Namespaces (poor mans containers) for at a minimum the firewall and per-interface routing instances. The stuff I am running at home is mostly on cheap Atom board, so it's a matter of squeezing out unneeded cruft on the platform. Also I don't want to be admining centos/rhel servers at home. On 5 January 2018 at 10:47, Dave Taht <[ dave.taht@gmail.com ]( mailto:dave.taht@gmail.com )> wrote: On Thu, Jan 4, 2018 at 1:44 PM, Joel Wirāmu Pauling <[ joel@aenertia.net ]( mailto:joel@aenertia.net )> wrote: > > > On 5 January 2018 at 01:09, Jonathan Morton <[ chromatix99@gmail.com ]( mailto:chromatix99@gmail.com )> wrote: >> >> >> >> I don't think we need to worry about it too much in a router context. >> Virtual server folks, OTOH... >> >> - Jonathan Morton >> > Disagree - The Router is pretty much synonymous with NFV > > ; I run my lede instances at home on hypervisors - and this is definitely > the norm in Datacentres now. We need to work through this quite carefully. Yes, the NFV case is serious and what I concluded we had most to worry about - before starting to worry about the lower end router chips themselves. But I wasn't aware that people were actually trying to run lede in that, I'd kind of expected a more server-like distro to be used there. Why lede in a NFV? Ease of configuration? Reduced attack surface? (hah) The only x86 chip I use (aside from simulations) is the AMD one in the apu2, which I don't know enough about as per speculation... -- Dave Täht CEO, TekLibre, LLC [ http://www.teklibre.com ]( http://www.teklibre.com ) Tel: 1-669-226-2619