Re: Functionality simular to FreeBSD's jails
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A long time ago, in a galaxy far, far way, someone said...
> No. chroot is not safe enough. I want to create virtual boxes in which
> I can give root rights to other people and I want to be sure that they
> can't break other boxes.
The closest Linux comes to FreeBSD's "jail" functionality is User-Mode
Linux.
The home page is http://user-mode-linux.sourceforge.net/.
What it is is a port of the 2.4.x Linux kernel to run as a user-level
application. It creates a virtual machine with its own root file system,
root password, and so on.
The applications running in the virtual machine (eg BIND) have no way of
knowing that they are running in a virtual machine. If the application in
the VM gets hacked, all the attacker gets to is the simulated root, and
has *no* access to the host machine (rather, as much access as the
administrator gives the vm).
Network access goes over a simulated lan on the host machine using Linux's
ethernet tap functionality.
- --
- ----------------------------------------------------------------------
Phil Brutsche pbrutsch@tux.creighton.edu
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6sQQ0/ZTSZFDeHPwRAvasAJsH/jheWQl6MTNJbb9gTvPcxtXO4wCfQKNy
/POH7VXL5sqhWtGd2WbI4ac=
=6Io3
-----END PGP SIGNATURE-----
Reply to: