On Fri, Aug 13, 2010 at 11:58 AM, Enrico Weigelt <weigelt@×××××.de> wrote:
> * Mark Knecht <markknecht@×××××.com> wrote:
>
> Hi,
>
>> Since I'm not an IT guy could you please explain this just a bit
>> more? What is 'a container'? Is it a chroot running on the same
>> machine? A different machine? Something completely different?
>
> http://lxc.sourceforge.net/
> http://wiki.openvz.org/Main_Page
>
> Unlike VM solutions like kvm, vmware, etc, these (OS-side)
> container implementations split off the operating system
> resources (filesystem, network interfaces, process-IDs, ...)
> into namespaces, so each container only sees its own resources,
> not those of the host system or other containers.
>
> That's essentially what's behind the "virtual private server"
> solutions offered by various ISPs.
>
>> In the OP's case (I believe) he thought a personal machine at home
>> was compromised. If that's the case then without doubling my
>> electrical bill (2 computers) how would I implement your containers?
>
> He would have several virtual servers running on just one metal.
> If the host system is not accessible from the outside world, just
> the virtual servers - an attacker could probably hijack what's
> inside the virtual servers, but can't get to the host system.
>
>
> cu

Thank you Enrico. I'll have to learn about this.

Cheers,
Mark
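
The namespace split described in the quoted reply can be checked on a Linux host through the `/proc/<pid>/ns` links: two processes are in the same namespace exactly when the link for that resource carries the same inode number. The script below is an added example, not part of the original thread; the inode values in `HOST` and `CONTAINER` are constructed sample data and the function names are chosen here for illustration.

```python
import os
import re

NS_TARGET = re.compile(r"^[a-z_]+:\[(\d+)\]$")  # e.g. "pid:[4026531836]"

# Constructed sample data (not taken from a real machine): link targets as
# they appear under /proc/<pid>/ns for a host process and a container process.
HOST = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
        "pid": "pid:[4026531836]", "uts": "uts:[4026531838]"}
CONTAINER = {"mnt": "mnt:[4026532201]", "net": "net:[4026532204]",
             "pid": "pid:[4026532203]", "uts": "uts:[4026531838]"}

def parse_ns(entries):
    """Turn {entry name: link target} into {entry name: namespace inode}."""
    parsed = {}
    for name, target in entries.items():
        match = NS_TARGET.match(target)
        if match is None:
            raise ValueError(f"unexpected namespace link {target!r} for {name}")
        parsed[name] = int(match.group(1))
    return parsed

def read_ns(pid):
    """Read the namespace links of a live process (Linux; may need root)."""
    base = f"/proc/{pid}/ns"
    return parse_ns({n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)})

def shared_with_host(host, proc):
    """Names of namespaces the process shares with the host (same inode)."""
    return sorted(n for n, inode in proc.items() if host.get(n) == inode)

if __name__ == "__main__":
    host, cont = parse_ns(HOST), parse_ns(CONTAINER)
    print("constructed sample, shared with host:", shared_with_host(host, cont))
    try:
        # Compare this process with PID 1 on the machine running the script.
        print("this process vs PID 1:", shared_with_host(read_ns(1), read_ns(os.getpid())))
    except OSError as exc:
        print("cannot read /proc/1/ns here:", exc)
```

Any name the function returns is a resource where the process still sees the host's view; in the constructed sample that is only `uts`, while the filesystem (`mnt`), network (`net`) and process-ID (`pid`) namespaces are separate.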