From: Mark Knecht <markknecht@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Fri, 13 Aug 2010 12:24:51 -0700 [thread overview]
Message-ID: <AANLkTikxCtuoQ=wAQzZc2dRBfDJ7pEVsjezG_Z3rz6GT@mail.gmail.com> (raw)
In-Reply-To: <20100813185843.GA26738@nibiru.local>
On Fri, Aug 13, 2010 at 11:58 AM, Enrico Weigelt <weigelt@metux.de> wrote:
> * Mark Knecht <markknecht@gmail.com> wrote:
>
> Hi,
>
>> Since I'm not an IT guy could you please explain this just a bit
>> more? What is 'a container'? Is it a chroot running on the same
>> machine? A different machine? Something completely different?
>
> http://lxc.sourceforge.net/
> http://wiki.openvz.org/Main_Page
>
> Unlike VM solutions like kvm, vmware, etc, these (OS-side)
> container implementations split off the operating system
> resources (filesystem, network interfaces, process-IDs, ...)
> into namespaces, so each container only sees its own resources,
> not those of the host system or other containers.
>
> That's essentially what's behind the "virtual private server"
> solutions offered by various ISPs.
>
>> In the OP's case (I believe) he thought a personal machine at home
>> was compromised. If that's the case then without doubling my
>> electrical bill (2 computers) how would I implement your containers?
>
> He would have several virtual servers running on just one metal.
> If the host system is not accessible from the outside world, just
> the virtual servers - an attacker could probably highjack what's
> inside the virtual servers, but cant get to the host system.
>
>
> cu
Thank you Enrico. I'll have to learn about this.
Cheers,
Mark
prev parent reply other threads:[~2010-08-13 20:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-10 6:10 [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?] Paul Hartman
2010-08-10 8:47 ` Neil Bothwick
2010-08-13 15:25 ` [gentoo-user] Increasing security [WAS: " Enrico Weigelt
2010-08-13 16:25 ` Mark Knecht
2010-08-13 17:07 ` Bill Longman
2010-08-13 19:05 ` Enrico Weigelt
2010-08-14 19:32 ` Jarry
2010-08-16 14:16 ` Bill Longman
2010-08-16 15:29 ` Mark Knecht
2010-08-16 16:07 ` Jarry
2010-08-16 16:24 ` Bill Longman
2010-09-10 1:06 ` Enrico Weigelt
2010-08-13 18:58 ` Enrico Weigelt
2010-08-13 19:24 ` Mark Knecht [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='AANLkTikxCtuoQ=wAQzZc2dRBfDJ7pEVsjezG_Z3rz6GT@mail.gmail.com' \
--to=markknecht@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox