[Vserver] secure a guest against the host's root-account

From: Oliver Welter <mail_at_oliwel.de>
Date: Mon 24 Apr 2006 - 07:02:43 BST
Message-Id: <444C6A03.6040404@oliwel.de>

Hi Folks,

this might be a strange question for some of you as it is more an
academical interesst, but I hope you can help me out ;)

Q: Is there a way to prevent that a superuser on the host system can

* see process of a guest
* enter a guest
* receive any other valuable info from the guest

The idea behind is easy - I want to give away a guest system that uses
an encrypted filesystem for its sensible data. The guest system itsself
will provide only very limited access to the data via an API and it must
be prevented by any means that even the "Bofh" of the host can access
any of the data....

So, is there any way to do this ? I guess that SELinux/GR will offer
some pointers to forbid root these actions, but are there any "easier"
ways ??

Oliver

-- 
Diese Nachricht wurde digital unterschrieben
oliwel's public key: http://www.oliwel.de/oliwel.crt
Basiszertifikat: http://www.ldv.ei.tum.de/page72

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Mon Apr 24 07:01:25 2006
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 24 Apr 2006 - 07:01:36 BST by hypermail 2.1.8