Re: Functionality simular to FreeBSD's jails
> No. chroot is not safe enough. I want to create virtual boxes in which
> I can give root rights to other people and I want to be sure that they
> can't break other boxes.
>
> AGAIK if you have root you can escape chroot'ed directory. Another
> problems that root can have direct access to devices. I don't want to
> allow it. Good solution is really independant virtual boxes which are
> run from one real. This is what FreeBSD's jails provides. User-mode
> linux kernel seems to allow it too but I'm not sure how stable is it
> and if there are exist any limitations.
I just found a page that might contain what you are looking for:
http://www.gnu.org/directory/vsd.html
"VSD - Facilitates Linux Virtual Servers within a 'chroot' environment."
The Virtual Server Daemon is free software that creates Linux Virtual Servers with the look, feel, and functionality of a dedicated
Linux appliance. This lets web servers and other applications be deployed and administered discretely without a security threat.
VSD powered servers run just one instance of the Linux kernel per host server. A single Intel P-III with sufficient RAM can service
250 Virtual Servers. VSD was developed for situations where leased lines and server colocation were impossible for financial or
technical reasons.
VSD creates replicas of a working GNU Linux file system and uses this as a template for Virtual Servers. The replica files (not the
entire OS) are 'hardlinked' to the original image, and share the same inode as the original file (which saves disk space). Each
replica is assigned a unique IP address, and a user can then log into that Virtual Server transparently using Telnet or FTP.
Using 'chroot' software, the user is then 'locked' into the Virtual Server environment and cannot reach adjacent Virtual Servers or
the main Operating System files, thus reducing the security risk.
Reply to: