Slashdot Mirror

← Back to Users

User: gelinas

gelinas's activity in the archive.

Stories
0
Comments
2
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 2

  1. Re:That's neat on Chroot Jails Made Easy · · Score: 1

    The vserver project provides a neat way to
    have chrooted process with less capabilities
    so they can't break out. For example, they can't
    use mknod nor write to /proc. In fact, they can't
    mount. So even as root with a compiler, you won't
    break the chroot (all the tricks have been tested).

    http://www.solucorp.qc.ca/miscprj/s_context.hc

  2. Re:Real jail for Linux on Chroot Jails Made Easy · · Score: 4, Interesting
    The vserver projet provides a more general solution
    than jail (2 syscalls instead of one). It also builds on
    linux capabilities, so you can control the level of
    privilege a virtual server has (root in a vserver).
    Because of its generality, it was far easier to package
    solutions out of it. vserver is already in production today.
    Some ASP offers virtual servers to customer.
    Quite frankly, once you have tried vservers, it changes the way you work (for the better). Here are some advantage:

    • As fast as the native server
      -More secure. A vserver can't break into the root
      server.
    • A vserver containing a pretty full linux distro uses
      30-40megabytes of disk space.
    • Cloning a vserver takes one minute. So having
      a production server running side by side with a
      clone so you can test upgrades is easy and safe.
    • A vserver may be moved from one physical server
      to another without reconfiguration.


    To say that vserver is promising is ... missleading :-)