Marc E. Fiuczynski wrote:
In commercial VPS hosting the host system administrator is the hosring provider while the VPS administrator is the client.Hi Sandino,
In what compelling VPS scenarios is the VPS administrator != host system
administrator?
The client needs to issue a ticket each time he needs the hosting provider to setup a new iptables rule or a new grsec ACL.
Marc
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sandino Araico Sánchez Sent: Wednesday, September 15, 2004 10:36 PM To: [EMAIL PROTECTED] Subject: Re: [Vserver] Reiser4 views/process oriented security proposal
Christian Mayrhuber wrote:
Could become interesting: http://www.namesys.com/blackbox_security.html
The process-oriented ACL seems functionality equivalent to grsec process-based ACLs. One disadvantage of grsec + vserver is that ACLs are applied system-wide and must be administered on the mother server. The same applies to iptables rules. The advantage of Reiser's views model is that since they are defined on the file attributes they can be defined inside the scope of the children vservers so each vserver admin will be able to define his own ACLs just by defining ACL attributes on every file to be execcuted. The VPS administrators using Reiser 4 will be able to define process-oriented ACLs as they wish whenever they wish while VPS administrators using grsec ACLs must rely on their host system administrator to apply the rules as they better understand.
What do you think, maybe views instead of chroot() + mount --bind?
_______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver