[linux-lvm] LVM performance vs direct dm-thin

[Zdenek Kabelac]

Dne 04. 02. 22 v 1:01 Demi Marie Obenour napsal(a):
> On Thu, Feb 03, 2022 at 01:28:37PM +0100, Zdenek Kabelac wrote:
>> Dne 03. 02. 22 v 5:48 Demi Marie Obenour napsal(a):
>>> On Mon, Jan 31, 2022 at 10:29:04PM +0100, Marian Csontos wrote:
>>>> On Sun, Jan 30, 2022 at 11:17 PM Demi Marie Obenour <
>>>> demi at invisiblethingslab.com> wrote:
>>>>
>>>>> On Sun, Jan 30, 2022 at 04:39:30PM -0500, Stuart D. Gathman wrote:

>> If they need to use containerized software they should use containers like
>> i.e. Docker - if they need full virtual secure machine - it certainly has
>> it's price (mainly way higher memory consumption)
>> I've some doubts there is some real good reason to have quickly created VMs
>> as they surely are supposed to be a long time living entities
>> (hours/days...)
> 
> Simply put, Qubes OS literally does not have a choice.  Qubes OS is
> intended to protect against very high-level attackers who are likely to

I'd say you are putting your effort into wrong place then.
AKA you effort placed in optimizing given chang is no where near to using 
things properly...

>> VMs and containers have its strength and weaknesses..
>> Not sure why some many people try to pretend VMs can be as efficient as
>> containers or containers as secure as VMs. Just always pick the right
>> tool...
> 
> Qubes OS needs secure *and* fast.  To quote the seL4 microkernel’s
> mantra, “Security is no excuse for poor performance!”.

And who ever tells you he can get the same performance for VM as with 
container has no idea how OS works...

Security simply *IS* expensive (especially with Intel CPUs ;))

Educated user needs to pick the level he wants to pay for it.

Regards

Zdenek