miah:
> As far as FreeBSD Jail, I believe it's similar to UML. You end up
> running a completely virtual system inside the host system, which means
> more stuff to maintain. It's cool if you lack the hardware, but I don't
> see it really gaining you anything. You still need to chroot everything
> inside the jail, and the jail does impose some restrictions, but so does
> linux + grsecurity and a properly configured grsecurity ACL.
>

The main difference (for my purposes) between UML and jail is that with UML, the virtual server's kernel process is separate from the host's kernel process; with a jail, there's one kernel running everything. If people were paying me money for shell accounts in which they needed root access, I would sleep better using UML. However, from what I've read of the documentation for both, jail would be easier for me to set up and administer. (*BSD puts the kernel, libraries, and all the standard Unix utilities in one big source tree, so "make world DESTDIR=/path/to/jail" sets up almost everything I would need.)

I'm interested in learning more about mandatory access control systems (like they have in grsecurity), and I suspect that a well-configured MAC policy will do everything for security that the virtual servers will do. However, I want to get virtual servers working first, because they seem harder for a non-wizard like me to screw up.

--sethg
BLU is a member of BostonUserGroups.
We also thank MIT for the use of their facilities.