Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote: Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. That's why it's configurable ;-) snip Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. At the risk of sounding ungreatful for all of the hard work done on vserver - what is the 'use case' for this feature? As I understand it there is nothing to keep the host from playing with /dev/kmem or otherwise tampering with the kernel, so I can't see how a feature like this will provide any strong guarentees; unless heirarchies of contexts (which would be extreemly cool) are planned. Or is it just intended as a 'speed bump' / politeness feature? Thanks for all of the hard work and the new stable version. Cheers, - Martin ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
that's one of the reasons i patch the vserver kernel with grsec too. also you get PAX (aslr, mprotect stuff,...) features (www.grsecurity.net) which makes it extremely hard to write to /dev/kmem, /dev/mem, it hides dangerous addresses to make exploitation harder, etc... if you want enhanced security and you know something about grsecurity (which means, you know how to secure a box): http://people.linux-vserver.org/~harry there you'll find the info you need. since this is ... well... personal choice in what to enable/disable, you're not gonna find this together with some distro. nevertheless, i include example configs (for dell and HP servers at work) good luck with it :) Martin wrote: At the risk of sounding ungreatful for all of the hard work done on vserver - what is the 'use case' for this feature? As I understand it there is nothing to keep the host from playing with /dev/kmem or otherwise tampering with the kernel, so I can't see how a feature like this will provide any strong guarentees; unless heirarchies of contexts (which would be extreemly cool) are planned. Or is it just intended as a 'speed bump' / politeness feature? -- harry aka Rik Bobbaers K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://people.linux-vserver.org/~harry Nobody notices when things go right. Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Martin wrote: On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote: Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. That's why it's configurable ;-) snip Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. At the risk of sounding ungreatful for all of the hard work done on vserver - what is the 'use case' for this feature? As I understand it there is nothing to keep the host from playing with /dev/kmem or otherwise tampering with the kernel, so I can't see how a feature like this will provide any strong guarentees; unless heirarchies of contexts (which would be extreemly cool) are planned. Or is it just intended as a 'speed bump' / politeness feature? Of course the host admin can still do whatever she wants, but if you're in the business of selling truly private guests, i.e. guests without VXF_STATE_ADMIN (meaning they cannot be administered from the host), a kernel with privacy enabled, each guest living on an encrypted device only the guest has access to etc., doing so would probably not be appreciated by the clientele. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
On Mon, 2007-04-09 at 16:05 +0200, Daniel Hokka Zakrisson wrote: Martin wrote: On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote: Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. That's why it's configurable ;-) snip Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. At the risk of sounding ungreatful for all of the hard work done on vserver - what is the 'use case' for this feature? As I understand it there is nothing to keep the host from playing with /dev/kmem or otherwise tampering with the kernel, so I can't see how a feature like this will provide any strong guarentees; unless heirarchies of contexts (which would be extreemly cool) are planned. Or is it just intended as a 'speed bump' / politeness feature? Of course the host admin can still do whatever she wants, but if you're in the business of selling truly private guests, i.e. guests without VXF_STATE_ADMIN (meaning they cannot be administered from the host), a kernel with privacy enabled, each guest living on an encrypted device only the guest has access to etc., doing so would probably not be appreciated by the clientele. So it is a politeness feature; who's existance is aimed at reassuring users of guests that the hosts admins are behaving themselves. Thanks. Cheers, - Martin ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Thanks for the change log Daniel. Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. Isn't xid 1 the monitoring context? Isn't supposed to be able to see everything in the system? For instance, if I remember correctly, vserver-stat uses xid 1 to mesure the memory usage of each vserver... Maybe it's an irrational fear, but it seems to me like an invitation to root kits... With this privacy option, how will we be able to precisely account the memory usage of each vserver? Guillaume Pratte Daniel Hokka Zakrisson a écrit : The major changes are: - COW link breaking - 2.6.19+ support (i.e. using the mainline namespaces) - capability masking, allowing things like bind9 to run unmodified in guests - artificially advancing idle time, allowing fair sharing of CPU resources among guests - accounting APIs, making it easier to write monitoring programs And a few of the rather minor/less useful changes: - allows raising the bcapabilities of a guest while it's running - virtualized time - the ability to create private guests, that cannot be easily administered from the host - warnings without CONFIG_VSERVER_DEBUG (so Debian users will see them too...) - legacy disabled by default (so util-vserver 0.30.213+ recommended) - privacy for guests, which will hide things from xid 1 - a scheduling monitor -- Guillaume Pratte Recherche et développement Révolution Linux Toutes les opinions et les prises de position exprimées dans ce courriel sont celles de son auteur et ne répresentent pas nécessairement celles de Révolution Linux. Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Thanks for the change log Daniel. Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. That's why it's configurable ;-) Isn't xid 1 the monitoring context? Yes. Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. For instance, if I remember correctly, vserver-stat uses xid 1 to mesure the memory usage of each vserver... In older versions/kernels, yeah. But that's already rather broken by design. Maybe it's an irrational fear, but it seems to me like an invitation to root kits... With this privacy option, how will we be able to precisely account the memory usage of each vserver? vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if you have a recent enough kernel that has the accounting APIs). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Daniel Hokka Zakrisson a écrit : Guillaume Pratte wrote: Maybe it's an irrational fear, but it seems to me like an invitation to root kits... With this privacy option, how will we be able to precisely account the memory usage of each vserver? vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if you have a recent enough kernel that has the accounting APIs). Can you tell me in which version of the patch the accounting APIs where introduced? (Is it in the just-released 2.2.0?) Can you point me toward the documentation of these APIs? -- Guillaume Pratte Recherche et développement Révolution Linux Toutes les opinions et les prises de position exprimées dans ce courriel sont celles de son auteur et ne répresentent pas nécessairement celles de Révolution Linux. Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Daniel Hokka Zakrisson a écrit : Guillaume Pratte wrote: Maybe it's an irrational fear, but it seems to me like an invitation to root kits... With this privacy option, how will we be able to precisely account the memory usage of each vserver? vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if you have a recent enough kernel that has the accounting APIs). Can you tell me in which version of the patch the accounting APIs where introduced? (Is it in the just-released 2.2.0?) I wrote: The major changes are: ... - accounting APIs, making it easier to write monitoring programs Can you point me toward the documentation of these APIs? include/linux/vserver/{limit,sched}_cmd.h is probably the best. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Hello, Where can I find the change log from version 2.02? I don't see it linked from http://www.13thfloor.at/vserver/s_rel26/v2.2.0/ Thanks! Guillaume Herbert Poetzl a écrit : Greetings Community! after a longer rc stage, to get rid of all the minor issues, we proudly present the first release of the new stable 2.2 branch, which includes all the 'considered stable' features of the previous devel branch (2.1.x) which has been superceded by the 2.3.x devel branch ... http://www.13thfloor.at/vserver/s_rel26/v2.2.0/ (tools supposed to work fine on Mandriva 2007.x) thanks to all who helped in development and did test the release candidates ... enjoy, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Guillaume Pratte Recherche et développement Révolution Linux Toutes les opinions et les prises de position exprimées dans ce courriel sont celles de son auteur et ne répresentent pas nécessairement celles de Révolution Linux. Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Hello, Where can I find the change log from version 2.02? I don't see it linked from http://www.13thfloor.at/vserver/s_rel26/v2.2.0/ Thanks! Guillaume AFAIK there is none. In theory, a combination of http://linux-vserver.org/ChangeLog-2.1 and http://linux-vserver.org/ChangeLog-2.2 should get you there, but the first is horribly out of date, so here's a little ChangeLog-according-to-Daniel. The major changes are: - COW link breaking - 2.6.19+ support (i.e. using the mainline namespaces) - capability masking, allowing things like bind9 to run unmodified in guests - artificially advancing idle time, allowing fair sharing of CPU resources among guests - accounting APIs, making it easier to write monitoring programs And a few of the rather minor/less useful changes: - allows raising the bcapabilities of a guest while it's running - virtualized time - the ability to create private guests, that cannot be easily administered from the host - warnings without CONFIG_VSERVER_DEBUG (so Debian users will see them too...) - legacy disabled by default (so util-vserver 0.30.213+ recommended) - privacy for guests, which will hide things from xid 1 - a scheduling monitor -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver