On Fri, Aug 13, 2010 at 11:58 AM, Enrico Weigelt <weig...@metux.de> wrote:
> * Mark Knecht <markkne...@gmail.com> wrote:
>
> Hi,
>
>> Since I'm not an IT guy could you please explain this just a bit
>> more? What is 'a container'? Is it a chroot running on the same
>> machine? A different machine? Something completely different?
>
> http://lxc.sourceforge.net/
> http://wiki.openvz.org/Main_Page
>
> Unlike VM solutions like kvm, vmware, etc, these (OS-side)
> container implementations split off the operating system
> resources (filesystem, network interfaces, process-IDs, ...)
> into namespaces, so each container only sees its own resources,
> not those of the host system or other containers.
>
> That's essentially what's behind the "virtual private server"
> solutions offered by various ISPs.
>
>> In the OP's case (I believe) he thought a personal machine at home
>> was compromised. If that's the case then without doubling my
>> electrical bill (2 computers) how would I implement your containers?
>
> He would have several virtual servers running on just one metal.
> If the host system is not accessible from the outside world, just
> the virtual servers - an attacker could probably hijack what's
> inside the virtual servers, but can't get to the host system.
>
>
> cu

Thank you Enrico. I'll have to learn about this.

Cheers,
Mark
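
The namespace split described in the quoted reply can be checked on a Linux host: each entry under /proc/<pid>/ns is a symlink such as `pid:[4026531836]`, and two processes share a namespace exactly when the inode numbers match. The script below is an added example, not part of the original thread; the function names and the sample inode values are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* symlink target such as 'pid:[4026531836]'."""
    m = NS_LINK.match(target)
    if m is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def from_links(targets):
    """Build {kind: inode} from an iterable of link-target strings."""
    return dict(parse_ns_link(t) for t in targets)

def read_namespaces(pid="self"):
    """Read a live process's namespaces (Linux; other users' PIDs need root)."""
    ns_dir = f"/proc/{pid}/ns"
    names = [n for n in os.listdir(ns_dir) if not n.endswith("_for_children")]
    return from_links(os.readlink(os.path.join(ns_dir, n)) for n in names)

def compare(host, guest):
    """Return (isolated, shared) kinds; the same inode means the same namespace."""
    common = sorted(set(host) & set(guest))
    isolated = [k for k in common if host[k] != guest[k]]
    shared = [k for k in common if host[k] == guest[k]]
    return isolated, shared

# Constructed sample data (not captured from a real system): a host process
# and a process inside a container that keeps the host's user namespace.
HOST_LINKS = ["ipc:[4026531839]", "mnt:[4026531840]", "net:[4026531992]",
              "pid:[4026531836]", "user:[4026531837]", "uts:[4026531838]"]
GUEST_LINKS = ["ipc:[4026532210]", "mnt:[4026532208]", "net:[4026532213]",
               "pid:[4026532211]", "user:[4026531837]", "uts:[4026532209]"]

if __name__ == "__main__":
    isolated, shared = compare(from_links(HOST_LINKS), from_links(GUEST_LINKS))
    print("isolated from host:", isolated)
    print("shared with host:  ", shared)
    if os.path.isdir("/proc/self/ns"):
        print("this process:", read_namespaces())
```

Any kind reported as shared is a resource the container still has in common with the host, so it is the first thing to review when judging how well a container is separated.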