Hello Matthew,
Here's an example in one of my containers:
root@nasty:~# ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:13 init [3]
   44 ?        Ss     0:02 /usr/sbin/syslogd
  141 ?        Ss     0:00 /usr/sbin/sshd
  144 ?        S      0:01 /usr/sbin/crond -l6
149 ?
Hi guys,
I'm trying to run two containers of Fedora 15 over Fedora 15 host
through libvirt on an amd64 host. However so far I've not been able to
set up the environment and going through the list it seems there are some
issues with systemd, however I'm not really sure how to make it work.
I'm new t
Patrick/Oliver,
Thanks for the quick response. As a security guy I hate it when folks
post weaknesses without providing (or taking the time to investigate)
workarounds.
And there seems to be a lot of FUD out there on the blogs regarding
OpenVZ vs. LXC. :(
- mdf
On Sun, Jul 31, 2011 at 10:58 AM
On Sat, 2011-07-30 at 21:10 -0400, Matthew Franz wrote:
> Had seen some previous discussions before, but are there any ways to
> mitigate this design vulnerability?
>
> http://blog.bofh.it/debian/id_413
>
> Are there any workarounds?
>
> Thanks,
>
> - mdf
>
The blog post explicitly
On Sun, 2011-07-31 at 17:59 +0200, Robert Kawecki wrote:
> On Sat, 2011-07-30 at 21:10 -0400, Matthew Franz wrote:
> > Had seen some previous discussions before, but are there any ways to
> > mitigate this design vulnerability?
> >
> > http://blog.bofh.it/debian/id_413
> >
> > Are ther
That's where a MAC system comes in handy.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
"Michael H. Warfield" wrote:
On Sun, 2011-07-31 at 17:59 +0200, Robert Kawecki wrote:
> On Sat, 2011-07-30 at 21:10 -0400, Matthew Franz wrote:
> > Had seen some previous disc
On Sun, 2011-07-31 at 16:42 +0200, Mauras Olivier wrote:
> Hello Matthew,
>
> Here's an example in one of my containers:
>
> root@nasty:~# ps ax
>   PID TTY      STAT   TIME COMMAND
>     1 ?        Ss     0:13 init [3]
>    44 ?        Ss     0:02 /usr/sbin/syslogd
>   141 ?        Ss     0:00 /
On Sun, 2011-07-31 at 23:02 +0200, Olivier Mauras wrote:
> That's where a MAC system comes in handy.
Was just reading up on that from your earlier post. Very nice. I see I
have some reading and research to do. I posted a URL to an IBM paper in a
reply to your earlier post.
> --
> Sent from my Andro
Yes, I started using smack after digging through this article :)
As for capabilities I usually start from the most restrictive, removing one by
one until I want the container to work as expected.
Regards,
Olivier
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
"Michael H. W