Sthu Deus wrote:
Thank You for Your time and answer, randall:
thanks to the fact it shares the same kernel with the host and all the
guests, but this could be a disadvantage if you need a separate kernel
per guest.
One of the reasons I would like to use virtualization is security... so, how
does using a single kernel affect total security/separation - in my view -
it does not help in this view. Though I do not know how openvz or xen work...
I'm not an expert but I will explain a little of what I think I know.
Xen and VMware can give you the best separation/security because each
guest will run its own kernel. This will affect the performance, however,
since you are simply running several complete operating systems (you
could run Linux in 1 guest, Windows in another and FreeBSD in yet
another etc...)
VServer and I guess also OpenVZ are simply a very smart way of using
chroot to isolate several services, just like the jails utility in
FreeBSD. This of course has the advantage that there is no performance
overhead. VServer is set up by default not to allow the guest direct
access to the kernel, but for some programs, like bind, you have to
loosen up the privileges to the kernel a little, so this brings a little
risk, although most programs will run without any modification needed.
Also, with Xen and VMware you can run a firewall inside each guest
itself as well, which you cannot do with VServer since this needs kernel
access. With VServer I have the firewall on the host system
allowing/blocking traffic to the guests.
OpenVZ basically is somewhere in the same league as VServer. I started
with VServer and it did what I wanted + an active and extremely helpful
mailing list, so I never looked back.
Did You compile Your own kernels for Debian? - And then ever after - on update?
Some do, but I always use the vserver patched kernel from the repos. It
never gave me any problems and I'm always assured of the security
updates. I did not have any issue when upgrading from etch to lenny.
The thing you heard was broken is the vserver-debiantools package, which
has apparently been in a bad state for years already (I have used these in the
past and still do, but I never experienced a problem myself).
But you simply do not need this package, just follow the directions on
the VServer wiki.