About this list Date view Thread view Subject view Author view Attachment view

From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Sat 08 Dec 2001 - 05:38:00 GMT


On Thu, 6 Dec 2001 22:05:58 -0500, Kerberus wrote
> Pssst, lurker here..... jus my .02 cents.
>
> Not to knock you guys, but one drawback is it runs only on linux... not
> any of the *BSDs, I heard at one point there was supposed to be a "port"
> but that was last year sometime! Im sorry but i wount chase dependent
> rpms all over the net with a linux box. BSD is so much more straigh
> forward...

Especially if the package you need is available :-) Quite frankly, you must dig
much more on bsd than on linux.

> but unfortunatley "vserver" is linux specific. So I would say
> not only to dependent on diistribution, but also on the OS itself.

Indeed. In the documentation, I am describing one of the big benefit of vserver
compared to truely virtual machines where you run the OS you want. The
benefits are

        performance

        resource sharing

        ability to monitor the vserver from the root server
        without having the vserver to know about it.

The latest is the feature imho to increase security. Basically, the vserver
allows one to answer a question no one is able to answer, unless the
answer is yes. The question is

        Does this server have been cracked ?

If this is the case, then, you can say yes. If not, the only answer is

        "I don't think so".

If you have no network service in the root server, it is not crackable (unless
the kernel has a serious bug). Being uncrackable, it is reliable. So if you
ask you tripware of md5sum or rpm utility to check the signature
of key files, you know you can trust the result. Further, with immutability
being much more easier to use, you can even "lock" your server and know
that even if it has been cracked, it is not modified.

If peope have ideas about this, this is welcome. I intend to provide solutions
to ease this strategy (such as a vlock utility to lock/unlock vserver configuration
for example).

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:38 GMT by hypermail 2.1.3