The guest runs in a separate virtual address space enforced by the CPU hardware. A bug in the guest kernel cannot access host memory because the hardware prevents it. The host kernel only sees the user-space process. The attack surface is the hypervisor and the Virtual Machine Monitor, both of which are orders of magnitude smaller than the full kernel surface that containers share.
Additional reporting by Florence Freeman
GMT — 2 p.m.