7v5w7go9ub0o wrote:
>
[...]
>
> Presuming that one is seeking greater security, how does xen compare
> with vmware in that regard?

Xen requires a kernel modification for the host system as well as for
the guest system. VMWare emulates a complete (hardware) environment so
the guest OS won't even notice being virtualized. Therefore I'd consider
it more secure to use VMWare rather than Xen.

> Would a server in a VM actually be more secure than a server in a
> "hardened" chroot jail?

Yes, since using a chroot jail (even a hardened one - guess you mean
grsec protection or similar) means nevertheless sharing of process
environment and devices. In addition, all chroot instances are using the
same kernel - using a full virtualisation will provide its own kernel
for each guest, so a vulnerability in one of these environments won't
necessarily affect the other instances.
--
gentoo-hardened@g.o mailing list