Once the post-Christmas inventory clearance season is underway, I am planning to order myself a new server. One thing I'd like to do with this machine is partition it into several virtual servers, so that even if, say, someone exploits a bug in a script running on my Web site, they won't be able to trash my email.

FreeBSD has a "jail" command which functions like "chroot", but is more restrictive, so that even if someone becomes root in the jail, they can't access or modify anything outside the jail (unless they find a security hole in the OS kernel itself, of course). There's a "Linux-vserver" project which aims to provide similar features for Linux. Also, there's "User Mode Linux", which can encapsulate a whole instance of Linux as a process running as a normal user inside another Linux machine.

Based on what I've read, I am leaning toward the FreeBSD version (and wishing that OpenBSD had the same thing), because Linux-vserver doesn't look like a very mature project, and I'm afraid that UML would have too much performance overhead. On the other hand, if I ever have to pollute my home machines with Java again (it's bad enough that I have to use Java at work :-), I'd rather run it on Linux.

Does anyone out there have experience with any of these tools (or any other way of achieving the same goal)?

--sethg

BLU is a member of BostonUserGroups.
We also thank MIT for the use of their facilities.