* Mark Knecht <markknecht@×××××.com> wrote:

Hi,

> Since I'm not an IT guy could you please explain this just a bit
> more? What is 'a container'? Is it a chroot running on the same
> machine? A different machine? Something completely different?

http://lxc.sourceforge.net/
http://wiki.openvz.org/Main_Page

Unlike VM solutions like kvm, vmware, etc, these (OS-side)
container implementations split off the operating system
resources (filesystem, network interfaces, process-IDs, ...)
into namespaces, so each container only sees its own resources,
not those of the host system or other containers.

That's essentially what's behind the "virtual private server"
solutions offered by various ISPs.

> In the OP's case (I believe) he thought a personal machine at home
> was compromised. If that's the case then without doubling my
> electrical bill (2 computers) how would I implement your containers?

He would have several virtual servers running on just one metal.
If the host system is not accessible from the outside world, just
the virtual servers - an attacker could probably hijack what's
inside the virtual servers, but can't get to the host system.


cu
--
----------------------------------------------------------------------
 Enrico Weigelt, metux IT service -- http://www.metux.de/

 phone:  +49 36207 519931  email: weigelt@×××××.de
 mobile: +49 151 27565287  icq:   210169427         skype: nekrad666
----------------------------------------------------------------------
 Embedded Linux / Porting / Open-source QM / Distributed systems
----------------------------------------------------------------------
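
An added illustration of the namespace split described in the message above (not part of the original mail): on a current Linux kernel every process exposes its namespaces as links under /proc/<pid>/ns, so a process inside a container should show different identifiers than the host's PID 1. The function names and the sample identifiers below are constructed for this example.

```python
import os

# Namespace kinds for the resources named in the message:
# filesystem (mnt), network interfaces (net), process IDs (pid).
KINDS = ("mnt", "net", "pid")


def read_namespaces(pid, kinds=KINDS, proc="/proc"):
    """Return {kind: 'kind:[inode]'} for a live process on a Linux host.
    Reading the links of another user's process requires root."""
    return {k: os.readlink(os.path.join(proc, str(pid), "ns", k)) for k in kinds}


def shared_namespaces(host_ns, guest_ns):
    """Return the kinds where guest and host point at the same namespace,
    i.e. the resources the guest is NOT split off from."""
    return sorted(k for k in host_ns if guest_ns[k] == host_ns[k])


def audit(host_ns, guests):
    """Map each guest name to the namespaces it still shares with the host."""
    return {name: shared_namespaces(host_ns, ns) for name, ns in guests.items()}


# Constructed sample data in the format readlink returns for /proc/<pid>/ns/*.
# "web" is fully split off; "mail" was started on the host's network namespace.
HOST = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]", "pid": "pid:[4026531836]"}
GUESTS = {
    "web": {"mnt": "mnt:[4026532201]", "net": "net:[4026532204]", "pid": "pid:[4026532202]"},
    "mail": {"mnt": "mnt:[4026532310]", "net": "net:[4026531992]", "pid": "pid:[4026532311]"},
}

if __name__ == "__main__":
    for name, shared in audit(HOST, GUESTS).items():
        print(name, "shares with host:", ", ".join(shared) or "nothing")
```

On a real host, `read_namespaces(1)` gives the host side and `read_namespaces(<pid of a process inside the container>)` the guest side; any kind reported as shared is a resource the container can still see.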