Re: [Vserver] secure a guest against the host's root-account

From: Michael S. Zick <mszick_at_morethan.org>
Date: Mon 24 Apr 2006 - 13:28:18 BST
Message-Id: <200604240728.18832.mszick@morethan.org>

On Mon April 24 2006 01:02, Oliver Welter wrote:
> Hi Folks,
>
> this might be a strange question for some of you as it is more an
> academical interest, but I hope you can help me out ;)
>
> Q: Is there a way to prevent that a superuser on the host system can
>
> * see process of a guest
> * enter a guest
> * receive any other valuable info from the guest
>
> The idea behind is easy - I want to give away a guest system that uses
> an encrypted filesystem for its sensible data. The guest system itself
> will provide only very limited access to the data via an API and it must
> be prevented by any means that even the "Bofh" of the host can access
> any of the data....
>
> So, is there any way to do this ? I guess that SELinux/GR will offer
> some pointers to forbid root these actions, but are there any "easier"
> ways ??
>
Sounds like SELinux is the tool of choice for that.

Mike
> Oliver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Apr 25 16:09:56 2006

Generated on Tue 25 Apr 2006 - 16:10:23 BST by hypermail 2.1.8