From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mark Knecht
To: gentoo-user@lists.gentoo.org
Date: Fri, 13 Aug 2010 12:24:51 -0700
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
In-Reply-To: <20100813185843.GA26738@nibiru.local>
References: <20100813152553.GB21326@nibiru.local>
 <20100813185843.GA26738@nibiru.local>
List-Id: Gentoo Linux mail
Reply-to: gentoo-user@lists.gentoo.org

On Fri, Aug 13, 2010 at 11:58 AM, Enrico Weigelt wrote:
> * Mark Knecht wrote:
>
> Hi,
>
>>    Since I'm not an IT guy could you please explain this just a bit
>> more? What is 'a container'? Is it a chroot running on the same
>> machine? A different machine? Something completely different?
>
> http://lxc.sourceforge.net/
> http://wiki.openvz.org/Main_Page
>
> Unlike VM solutions like kvm, vmware, etc., these (OS-side)
> container implementations split off the operating system
> resources (filesystem, network interfaces, process IDs, ...)
> into namespaces, so each container only sees its own resources,
> not those of the host system or other containers.
>
> That's essentially what's behind the "virtual private server"
> solutions offered by various ISPs.
>
>>    In the OP's case (I believe) he thought a personal machine at home
>> was compromised. If that's the case then without doubling my
>> electrical bill (2 computers) how would I implement your containers?
>
> He would have several virtual servers running on just one metal.
> If the host system is not accessible from the outside world, just
> the virtual servers - an attacker could probably hijack what's
> inside the virtual servers, but can't get to the host system.
>
>
> cu

Thank you, Enrico. I'll have to learn about this.

Cheers,
Mark
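The namespace mechanism Enrico describes (the kernel feature under LXC and OpenVZ-style containers) can be seen directly from a small Linux program; this is an added example written for this archive, not code from the thread, from LXC or from OpenVZ. It assumes a Linux host on which unprivileged user namespaces are allowed, and the function names (run_container_demo, container_main, refused) and the result codes are my own: a child unshares into new user, UTS and PID namespaces, renames "its" host and sees itself as PID 1, while the real host's hostname stays untouched; when the kernel or a sandbox policy refuses the namespaces, the demo reports that rather than failing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Stable Linux ABI flag values (identical to those in <sched.h>), so no GNU-only header is needed. */
#define CLONE_NEWUTS  0x04000000
#define CLONE_NEWUSER 0x10000000
#define CLONE_NEWPID  0x20000000
enum { NS_DEMO_ERROR = -1, NS_DEMO_REFUSED = 0, NS_DEMO_ISOLATED = 1 }; /* results of the demo */
enum { EXIT_OK = 0, EXIT_REFUSED = 10, EXIT_BROKEN = 11 };               /* child -> parent codes */
static int refused(int err) { return err == EPERM || err == EACCES || err == ENOSYS || err == EINVAL || err == ENOSPC; }

/* The "container": runs after unshare() moved us into fresh user, UTS and PID namespaces. */
static void container_main(void) {
    char name[64] = {0};
    /* Full capabilities in the new user namespace allow renaming the host, but the rename
       only touches the hostname copy that lives in our private UTS namespace. */
    if (sethostname("container", 9) != 0) _exit(refused(errno) ? EXIT_REFUSED : EXIT_BROKEN);
    pid_t inner = fork();                        /* first process of the new PID namespace */
    if (inner < 0) _exit(EXIT_BROKEN);
    if (inner == 0) {
        gethostname(name, sizeof name - 1);
        _exit(getpid() == 1 && strcmp(name, "container") == 0 ? EXIT_OK : EXIT_BROKEN);
    }
    int st = 0; waitpid(inner, &st, 0);
    _exit(WIFEXITED(st) ? WEXITSTATUS(st) : EXIT_BROKEN);
}

/* NS_DEMO_ISOLATED: the inner process saw PID 1 and its private hostname while the host's
   hostname stayed put. NS_DEMO_REFUSED: kernel or sandbox policy denied unprivileged namespaces. */
int run_container_demo(void) {
    char before[64] = {0}, after[64] = {0};
    gethostname(before, sizeof before - 1);
    pid_t child = fork();
    if (child < 0) return NS_DEMO_ERROR;
    if (child == 0) {
        /* unshare(2) via syscall(2); CLONE_NEWUSER lets an unprivileged user own the new namespaces. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWUTS | CLONE_NEWPID) != 0)
            _exit(refused(errno) ? EXIT_REFUSED : EXIT_BROKEN);
        container_main();
    }
    int st = 0; if (waitpid(child, &st, 0) < 0) return NS_DEMO_ERROR;
    gethostname(after, sizeof after - 1);
    if (strcmp(before, after) != 0) return NS_DEMO_ERROR;   /* child escaped its UTS namespace */
    if (WIFSIGNALED(st)) return WTERMSIG(st) == SIGSYS ? NS_DEMO_REFUSED : NS_DEMO_ERROR; /* seccomp kill */
    if (WEXITSTATUS(st) == EXIT_REFUSED) return NS_DEMO_REFUSED;
    return WEXITSTATUS(st) == EXIT_OK ? NS_DEMO_ISOLATED : NS_DEMO_ERROR;
}
```

Run it as an ordinary user: NS_DEMO_ISOLATED shows the isolation Enrico describes working without root, and NS_DEMO_REFUSED tells you the host (or the sandbox you are already inside) does not allow unprivileged namespaces.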