Re: Functionality similar to FreeBSD's jails
if you have enough $$ go with ibm 390 (or whatever the number is)
otherwise try vmware (or other similar product), if you require
completely virtual machines (hw and all) you need a virtual machine, I
guess there's no way around it, chroot and I suspect jail (I don't know
jail) would not cut it.
erik
Ilya Martynov wrote:
>
> >>>>> "CC" == Colin Cashman <ccashman@mediaone.net> writes:
>
> >> No. chroot is not safe enough. I want to create virtual boxes in which
> >> I can give root rights to other people and I want to be sure that they
> >> can't break other boxes.
> >>
> >> AFAIK if you have root you can escape chroot'ed directory. Another
> >> problem is that root can have direct access to devices. I don't want to
> >> allow it. Good solution is really independent virtual boxes which are
> >> run from one real. This is what FreeBSD's jails provide. User-mode
> >> linux kernel seems to allow it too but I'm not sure how stable it is
> >> and if there exist any limitations.
>
> CC> I just found a page that might contain what you are looking for:
>
> CC> http://www.gnu.org/directory/vsd.html
>
> CC> "VSD - Facilitates Linux Virtual Servers within a 'chroot'
> CC> environment."
>
> Yes, I've seen it and similar solutions. The problem is that as I have
> written 'chroot is not safe enough'. It is not possible to give root
> rights to people in chroot'ed environment if you don't want to trust them.
>
> BTW except for problems with direct access to devices and possibility to
> escape chroot by root there exists another problem (for me) with
> chroot. Chroot only allows isolation of boxes at filesystem
> level. For example you can't have two mailservers running at the same
> time - first in first virtual box, second in another. At least you
> can't do it unless you configure them to listen on different
> interfaces. (BTW is it possible to create several loopback interfaces
> - I think no).
>
> Let me describe my needs.
>
> 1) I want to build testing and development environment for developers
> in my company. There are several developers who work on different
> projects. Often it is much easier to give developers root access
> than try to fine-tune security system on development servers so they
> will be able to install/configure software there. So I want to just
> create several virtual boxes and give root access there freely. So I
> can be sure that one group of developers can't break things for
> another group.
>
> 2) Another task is building automated tests for our software. One product
> our developers work on is maillist software. For creation of automated
> tests for this software it is *required* to have several boxes. If I
> can just create a bunch of virtual boxes it will be very useful.
>
> Combining 1) and 2) gives need for independent virtual boxes. 'chroot'
> is not good enough.
>
> CC> [..skip..]
>
> --
> Ilya Martynov
> AGAVA Software Company, http://www.agava.com