I have friends who run each guest on its own LVM partition, encrypted.
The partition has to be mounted by the host of course, and is
therefore accessible to that host. This strategy is to prevent any
physical theft of servers resulting in compromised data.
I guess it depends on your aims with the encryption.
Cheers,
Ben
Quoting Oliver Welter <mail@oliwel.de>:
> Hi,
>
> the question is what do you expect to be "encrypted"? You can put
> the filesystem of the guest onto an encrypted device but AFAIK you
> can not prevent the root host to enter/access the context of the
> running guest. There is a "Guest Privacy" Flag in the vserver
> config, but I am not aware of what exactly it prevents.
>
> My fastest approach would be to construct a kind of "locked down"
> host without root access to prevent administrative staff from
> accessing the guest.
>
> Oliver
>
> Am 25.03.2015 um 01:39 schrieb Laurens Vets:
>> Hello list,
>>
>> I'm currently looking for a good way to encrypt Vservers.
>>
>> Basically what I want is that when I start a vserver, it asks for a
>> passphrase before booting further. I do not want to encrypt the host
>> itself, only the guests.
>>
>> What would be the best way of doing this and does anyone have any
>> experience in this?
>>
>> Thanks!
Received on Wed Mar 25 08:26:45 2015