Gentoo Archives: gentoo-user

From: Enrico Weigelt <weigelt@×××××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Fri, 13 Aug 2010 19:10:43
Message-Id: 20100813185843.GA26738@nibiru.local
In Reply to: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?] by Mark Knecht
1 * Mark Knecht <markknecht@×××××.com> wrote:
2
3 Hi,
4
5 > Since I'm not an IT guy could you please explain this just a bit
6 > more? What is 'a container'? Is it a chroot running on the same
7 > machine? A different machine? Something completely different?
8
9 http://lxc.sourceforge.net/
10 http://wiki.openvz.org/Main_Page
11
12 Unlike VM solutions like kvm, vmware, etc, these (OS-side)
13 container implementations split off the operating system
14 resources (filesystem, network interfaces, process-IDs, ...)
15 into namespaces, so each container only sees its own resources,
16 not those of the host system or other containers.
17
18 That's essentially what's behind the "virtual private server"
19 solutions offered by various ISPs.
20
21 > In the OP's case (I believe) he thought a personal machine at home
22 > was compromised. If that's the case then without doubling my
23 > electrical bill (2 computers) how would I implement your containers?
24
25 He would have several virtual servers running on just one metal.
26 If the host system is not accessible from the outside world, just
27 the virtual servers - an attacker could probably highjack what's
28 inside the virtual servers, but cant get to the host system.
29
30
31 cu
32 --
33 ----------------------------------------------------------------------
34 Enrico Weigelt, metux IT service -- http://www.metux.de/
35
36 phone: +49 36207 519931 email: weigelt@×××××.de
37 mobile: +49 151 27565287 icq: 210169427 skype: nekrad666
38 ----------------------------------------------------------------------
39 Embedded-Linux / Portierung / Opensource-QM / Verteilte Systeme
40 ----------------------------------------------------------------------

Replies