
From: klavs klavsen (kl_at_vsen.dk)
Date: Mon 04 Mar 2002 - 14:50:23 GMT


Hi guys,

I run approx. 10 different services on my own computer.
Some of these services are things like an XFrisk server, and other stuff,
that I don't really trust as much :-(

I would like to be able to separate each service within a vserver of
its own, however that would mean that I would have to handle
portforwarding from my root-server (which holds the IP, that packages
for my public IP, gets forwarded to by a router in front), to each
vserver IP, depending on which service is running where. Also I need to
keep state and forward the packages correctly. This sounds like a pretty
elaborate and complex setup :-(

I wanted to "chroot" my services by putting 1 in each vserver and let
them safely share different files via mount --bind (and then mount the
shared stuff readonly for 1 vserver and read-write for another).
But my problem is that they can't all have the same IP.

I wanted to run an idea by you guys. Would it be possible to perhaps
enable this IP-sharing, by assigning port-ranges (within <1024) to
vservers - and one would also have to handle that when a service
listens for the answer on a port 1023> - could that be done, by allowing
all services to grab unused ports above 1023>? Would this give security
problems?

Also, I got introduced to the HP Secure OS this weekend, and it enables
this and uses something that seems like the Contexts concept.

HP has released the source code, so I figured some of you hackers wanted
to take a look and see if they have any good ideas, that vserver could
use?

-- 
Regards,
Klavs Klavsen

-------------| This mail has been sent to you by: |------------
Klavs Klavsen - Open Source Consultant
kl_at_vsen.dk - http://www.vsen.dk

Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA
Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA
--------------------[ I believe that... ]-----------------------
It is a myth that people resist change. People resist what other
people make them do, not what they themselves choose to do...
That's why companies that innovate successfully year after year
seek their people's ideas, let them initiate new projects and
encourage more experiments. -- Rosabeth Moss Kanter



Generated on Wed 06 Nov 2002 - 07:03:39 GMT by hypermail 2.1.3