| 1 |
7v5w7go9ub0o schrieb: |
| 2 |
> |
| 3 |
[...] |
| 4 |
> |
| 5 |
> Presuming that one is seeking greater security, how does xen compare |
| 6 |
> with vmware in that regard? |
| 7 |
|
| 8 |
Xen requires a kernel modification for the host system as well as for |
| 9 |
the guest system. VMWare emulates a complete (hardware) environment so |
| 10 |
the guest OS won't even notice being virtualized. Therefore I'd consider |
| 11 |
it more secure to use VMWare rather then Xen. |
| 12 |
|
| 13 |
> Would a server in a VM actually be more secure than a server in a |
| 14 |
> "hardened" chroot jail? |
| 15 |
|
| 16 |
Yes, since using a chroot jail (even a hardened one - guess you mean |
| 17 |
grsec protection or similar) means nevertheless sharing of process |
| 18 |
environment and devices. In addition, all chroot instances are using the |
| 19 |
same kernel - using a full virtualisation will provide its own kernel |
| 20 |
for each guest, so a vulnerability in one of these environments won't |
| 21 |
necessarily effect the other instances. |
| 22 |
-- |
| 23 |
gentoo-hardened@g.o mailing list |
Archives