From: Enrico Weigelt <weigelt@metux.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Fri, 13 Aug 2010 20:58:43 +0200 [thread overview]
Message-ID: <20100813185843.GA26738@nibiru.local> (raw)
In-Reply-To: <AANLkTimT-fUKEohbn4M+rp9yd-5FfAzCGiGG4-BCmEAP@mail.gmail.com>
* Mark Knecht <markknecht@gmail.com> wrote:
Hi,
> Since I'm not an IT guy could you please explain this just a bit
> more? What is 'a container'? Is it a chroot running on the same
> machine? A different machine? Something completely different?
http://lxc.sourceforge.net/
http://wiki.openvz.org/Main_Page
Unlike VM solutions like kvm, vmware, etc, these (OS-side)
container implementations split off the operating system
resources (filesystem, network interfaces, process-IDs, ...)
into namespaces, so each container only sees its own resources,
not those of the host system or other containers.
That's essentially what's behind the "virtual private server"
solutions offered by various ISPs.
> In the OP's case (I believe) he thought a personal machine at home
> was compromised. If that's the case then without doubling my
> electrical bill (2 computers) how would I implement your containers?
He would have several virtual servers running on just one metal.
If the host system is not accessible from the outside world, just
the virtual servers - an attacker could probably highjack what's
inside the virtual servers, but cant get to the host system.
cu
--
----------------------------------------------------------------------
Enrico Weigelt, metux IT service -- http://www.metux.de/
phone: +49 36207 519931 email: weigelt@metux.de
mobile: +49 151 27565287 icq: 210169427 skype: nekrad666
----------------------------------------------------------------------
Embedded-Linux / Portierung / Opensource-QM / Verteilte Systeme
----------------------------------------------------------------------
next prev parent reply other threads:[~2010-08-13 19:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-10 6:10 [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?] Paul Hartman
2010-08-10 8:47 ` Neil Bothwick
2010-08-13 15:25 ` [gentoo-user] Increasing security [WAS: " Enrico Weigelt
2010-08-13 16:25 ` Mark Knecht
2010-08-13 17:07 ` Bill Longman
2010-08-13 19:05 ` Enrico Weigelt
2010-08-14 19:32 ` Jarry
2010-08-16 14:16 ` Bill Longman
2010-08-16 15:29 ` Mark Knecht
2010-08-16 16:07 ` Jarry
2010-08-16 16:24 ` Bill Longman
2010-09-10 1:06 ` Enrico Weigelt
2010-08-13 18:58 ` Enrico Weigelt [this message]
2010-08-13 19:24 ` Mark Knecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100813185843.GA26738@nibiru.local \
--to=weigelt@metux.de \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox