| 1 |
On Fri, Aug 13, 2010 at 11:58 AM, Enrico Weigelt <weigelt@×××××.de> wrote: |
| 2 |
> * Mark Knecht <markknecht@×××××.com> wrote: |
| 3 |
> |
| 4 |
> Hi, |
| 5 |
> |
| 6 |
>> Since I'm not an IT guy could you please explain this just a bit |
| 7 |
>> more? What is 'a container'? Is it a chroot running on the same |
| 8 |
>> machine? A different machine? Something completely different? |
| 9 |
> |
| 10 |
> http://lxc.sourceforge.net/ |
| 11 |
> http://wiki.openvz.org/Main_Page |
| 12 |
> |
| 13 |
> Unlike VM solutions like kvm, vmware, etc, these (OS-side) |
| 14 |
> container implementations split off the operating system |
| 15 |
> resources (filesystem, network interfaces, process-IDs, ...) |
| 16 |
> into namespaces, so each container only sees its own resources, |
| 17 |
> not those of the host system or other containers. |
| 18 |
> |
| 19 |
> That's essentially what's behind the "virtual private server" |
| 20 |
> solutions offered by various ISPs. |
| 21 |
> |
| 22 |
>> In the OP's case (I believe) he thought a personal machine at home |
| 23 |
>> was compromised. If that's the case then without doubling my |
| 24 |
>> electrical bill (2 computers) how would I implement your containers? |
| 25 |
> |
| 26 |
> He would have several virtual servers running on just one metal. |
| 27 |
> If the host system is not accessible from the outside world, just |
| 28 |
> the virtual servers - an attacker could probably highjack what's |
| 29 |
> inside the virtual servers, but cant get to the host system. |
| 30 |
> |
| 31 |
> |
| 32 |
> cu |
| 33 |
|
| 34 |
Thank you Enrico. I'll have to learn about this. |
| 35 |
|
| 36 |
Cheers, |
| 37 |
Mark |
Archives