At 22:17 +0200 29/05/11, Lukas-David Gorris wrote:
Hello,
...
Not everybody will like the idea of using chroot. Personally I have been
using org.openembedded.dev based environment for a long time and never
needed it.
...
Best,
Lukas
_______________________________________________
Shr-devel mailing list
[email protected]
http://lists.shr-project.org/mailman/listinfo/shr-devel
Hi Lukas
If want to use chroot for security reasons, you ought to look at:
Linux-VServer IPv6 working nativly:
http://www.youtube.com/watch?v=ag5SeTV422Y
Squeak for the kids! Use Linux-vserver power
before giving your Neo to a kid (or someone else)
Re: Idea for OpenMoko: Kid Mode:
http://www.mail-archive.com/[email protected]/msg02112.html
http://en.wikipedia.org/wiki/Bitfrost
Bitfrost: the One Laptop per Child Security Model:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.134.123&rep=rep1&type=pdf
Quote: "...
To this end, we have designed and are
implementing Bit- frost, a security platform for
the children's laptop that borrows from many
recent developments in the field of usable
security (HCI-SEC). Freed from the requirement to
support legacy software, we believe that we have
created a system that may allow children to learn
and experiment with advanced technology without
falling prey to those who would harm them or
their machines.
...
The laptop is based on an AMD Geode LX-700
processor running at 433 MHz. It has a 7.5-inch
screen that can operate in either a medium
resolution color or high resolution black and
white mode, a wireless mesh network, camera that
supports video, a microphone, and three USB
ports. There is 256 MB of RAM
...
We have seen many security systems fail or become
unusable because of their inability to address
the identification and authentication of
manufacturers, publishers, and users.
...
Once the kernel boots, the P_SF_RUN runtime
protection system takes over. As mentioned above,
this system is based on VServer, a lightweight
Linux virtualization system that has been widely
used at shared hosting Internet service providers
..."
2007-04-17 Debian 4.0 Tiptoes to Leading Edge:
http://www.eweek.com/c/a/Linux-and-Open-Source/Debian-40-Tiptoes-to-Leading-Edge/
Quote: "...
Debian 4.0 also ships with support for Xen
virtualization, as well as for Linux-VServer
virtualization.
..."
Linux-VServer for Debian:
http://wiki.njh.eu/Linux-VServer_for_Debian
May 17th, 2007 Linux Virtualization = Linux-VServer:
http://www.utahsysadmin.com/2007/05/17/linux-virtualization-linux-vserver-xen/
Qoute: "...
Linux Vserver, on the other hand is only useful
for having multiple Linux-based servers that have
the same kernel. This is much more efficient,
because each host server doesn't have the extra
overhead of an entire kernel. But it does have
some limitations. You obviously can't run a
Windows server under a Linux Vserver host. The
versions I've worked on also have some
limitations with iptables and quotas (Although
some of these may be fixed in recent versions).
...
On the plus side, for Linux-Vserver, I've heard
that the One Laptop Per Child (OLPC) project is
using it as part of their security model. They
are using it so that each application runs in its
own virtual server and can't disrupt other
applications.
..."
2010-09-03 An Even Easier Linux-VServer -Virtual Server - Tutorial:
http://www.cedarcreeksoftware.com/an-even-easier-linux-vserver-tutorial.html
Quote: "...
Linux-Vserver is a very interesting tool for
setting up a quick virtual host without the pains
and expense of some other system like XEN or
VMWare. It's more secure and "standalone-ish"
than any of the Jail packages I've tried.
..."
2007-11-06 Interview: Linux-VServer Project Leader Herbert Pƶtzl:
http://www.montanalinux.org/linux-vserver-interview.html
Quote: "...
Bertl: Linux-VServer is an isolation technique in
concept very similar to BSD Jails or Solaris
Containers, which allows multiple Linux
environments to run on a single kernel side by
side, with no measurable overhead.
...
The idea was quite simple, but the implementation
took a long time to get perfected. Today we not
only have Unification, but also Copy on Write
(CoW) Link Breaking.
...
As far as I know, the following distributions
have some kind of Linux-VServer package/option
available:
* ALT Linux, Arch Linux, Debian, Fedora, Gentoo,
Knoppix, Mandriva, PLD Linux, Rock Linux,
Slackware, T2, and Ubuntu
...
Large Deployments are definitely PlanetLab and
Lycos Europe, but I also heard rumors about Cisco
and other larger companies. As we do not require
any registration to use the software, there is no
real way to tell, and personally, I do not care
that much about the numbers.
...
Bertl: Linux-VServer drastically increases
security if used properly, so yes, that is
actually one of the main usage scenarios of
Linux-VServer, although most folks will consider
hosting and server consolidation the primary area
of application.
...
Bertl: chroot(), contrary to common belief, is
not a security mechanism per se, it just changes
the view of a process.
...
Bertl: Yes, at least one person is actively using
Xen and Linux-VServer together, but I guess there
are more out there, especially as Xen and
Linux-VServer go nicely side by side
complementing each other, you won't use a fork
when you need a spoon and vice versa.
...
[Comments]
...
I've been "playing" with vserver for years (is it
that long) now and finally had the opportunity to
deploy it in my datacenter earlier this year when
we consolidated our Athlon 2800 servers onto
quad-core Opterons.
In addition to saving a ton of space. money and
pain it made one specific thing very easy...
Cleaning up after a comprimise.
The systems we migrated were RHEL AS 2.1 systems
(RHEL 5 was in beta) and brought with them a TON
of security holes. It wasn't too long afterwards
that we noticed one of the servers had been
cracked. Normally, you can't trust your own tools
when that happens, but due to the added layer of
protection, I was able to easily use the host
system's tools to replace the rooted utilities to
get my servers functional ASAP.
..."
http://www.shorewall.net/Vserver.html
http://wiki.debian.org/LinuxVserver
Reload this Page Advice on virtualization: OpenVZ or Linux-VServer:
http://www.linuxquestions.org/questions/slackware-14/advice-on-virtualization-openvz-or-linux-vserver-640069/
21. October 2009 Remote backup of Linux vserver
http://mark.nellemann.nu/2009/10/21/remote-backup-of-linux-vserver/
Jun 23, 2009 Migrating an entire linux-vserver
virtual server to another machine:
http://www.upfrontsystems.co.za/Members/izak/sysadman/migrating-an-entire-linux-vserver-virtual-server-to-another-machine
January 14th, 2008 Linux-Vserver vs Xen:
http://allmybrain.com/2008/01/14/linux-vserver-vs-xen/
Citat: "...
Linux-Vserver uses a simpler approach to virtualization than Xen does.
..."
http://wiki.openvz.org/Main_Page
http://wiki.openvz.org/Migration_from_Linux-VServer_to_OpenVZ
best regards,
Glenn
_______________________________________________
Shr-devel mailing list
[email protected]
http://lists.shr-project.org/mailman/listinfo/shr-devel
