Re: Linux 3.2 in wheezy

To: debian-devel@lists.debian.org
Subject: Re: Linux 3.2 in wheezy
From: Bernd Zeimetz <bernd@bzed.de>
Date: Mon, 30 Jan 2012 12:02:35 +0100
Message-id: <[🔎] 4F2678CB.6060508@bzed.de>
In-reply-to: <[🔎] 20120130004459.GA22039@angband.pl>
References: <20120129182205.GR12704@decadent.org.uk> <[🔎] 1327867067.13223.3.camel@hidalgo> <[🔎] 1327872371.5400.375.camel@deadeye> <[🔎] 20120130004459.GA22039@angband.pl>

On 01/30/2012 01:44 AM, Adam Borowski wrote:
[...]

> * how to ensure good isolation while still being able to do useful work? 
>   The point of vserver is that even root inside a VM shouldn't be able to
>   affect the host, on lxc you keep hurting the host by accident.  Messing
>   with capabilities blindly is trial and error, which is precisely what you
>   don't want to do in a system meant for security.

grsecurity helps a lot here - but I doubt we want to require knowledge
of grsecurity to setup a lxc container. With vserver you were not
required to have grsecurity enabled to have a more or less save-enough
virtualization solution, although I'd recommend to do so.

-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to:

References:
- Re: Linux 3.2 in wheezy
  - From: Yves-Alexis Perez <corsac@debian.org>
- Re: Linux 3.2 in wheezy
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Linux 3.2 in wheezy
  - From: Adam Borowski <kilobyte@angband.pl>

Prev by Date: Re: Linux 3.2 in wheezy
Next by Date: pkgdiff
Previous by thread: Re: Linux 3.2 in wheezy
Next by thread: Re: Linux 3.2 in wheezy
Index(es):
- Date
- Thread