[aklug] Re: UML/VServer/OpenVZ Love

From: Shane Spencer <shane@bogomip.com>
Date: Mon Nov 02 2009 - 10:00:50 AKST

On Sun, Nov 1, 2009 at 8:15 PM, <bryanm@acsalaska.net> wrote:
> On Sun, November 1, 2009 4:01 pm, Shane Spencer wrote:
>> If anybody wants a primer on UML. Let me know - I'm more than happy
>> to show off this ancient solution that's been around since Linux 2.2
>> that boots faster and uses far less memory than any modern full
>> virtualization product even on virtualization aware processors. I use
>> VDE2 to emulate 802.1q capable switches with STP. It works
>> wonderfully when configuring redundant router solutions and testing
>> complicated network scenarios while using minimal resources.
>>
>> I also use OpenVZ for an even lower footprint jail style solution.
>> Except this jail can handle many netfilter modules and bind its own
>> virtual interface and do hot migrations. Similar things can be said
>> for VServer which has its own bag of tricks.
>
> This stuff sounds interesting. Would these be good choices to
> boost desktop security by putting a web browser or other open/
> vulnerable app in a virtualized compartment?
>
> --
> Bryan Medsker

Yup. When you have a service that you don't want escaping as root and
then wrecking the system, you can at least isolate the wreckage to a
virtual instance. However, if all you want is to secure sftp/ssh/rsync
file access to a server, which somewhat secure services would then
serve, you wouldn't need as much isolation. scponly would and does
work well for isolating sftp sessions to a chroot environment that the
host can access easily enough.

- Shane
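Added example for this thread (not from Shane's mail and not scponly's own code): a small Python audit script for the chroot-jail approach Shane recommends for sftp-only users. The isolation a chroot gives depends on the jail's layout, so the script checks the rules that both scponly-style jails and OpenSSH's ChrootDirectory rely on: the jail root must be owned by root (uid 0 is assumed as the default) and must not be group- or world-writable, and nothing inside should be a device node, a setuid/setgid binary, or a world-writable directory without the sticky bit. The two toy jails it builds under a temp directory, the "upload" user, and the passwd line are constructed for the demonstration; on a real host you would point audit_chroot() at the live jail and keep expected_owner_uid at 0.

```python
#!/usr/bin/env python3
"""Audit a chroot jail for the misconfigurations that undo its isolation.

Added example for the aklug thread on UML/OpenVZ/scponly; it is not part of
scponly or OpenSSH, it only checks the hygiene rules those tools depend on.
"""
import os
import stat
import tempfile


def audit_chroot(root, expected_owner_uid=0):
    """Return a list of finding strings; an empty list means the jail passed.

    expected_owner_uid defaults to 0 because a chroot root that the jailed
    user (or their group) can write to is the classic way out of the jail.
    """
    findings = []
    st = os.lstat(root)
    if not stat.S_ISDIR(st.st_mode):
        return ["%s: not a directory" % root]
    if st.st_uid != expected_owner_uid:
        findings.append("%s: owned by uid %d, expected %d"
                        % (root, st.st_uid, expected_owner_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("%s: jail root is group/world writable (%s)"
                        % (root, oct(stat.S_IMODE(st.st_mode))))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # the kernel resolves links relative to the jail root
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append("%s: device node inside the jail" % path)
            if stat.S_ISREG(mode) and (mode & (stat.S_ISUID | stat.S_ISGID)):
                findings.append("%s: setuid/setgid file inside the jail" % path)
            if stat.S_ISDIR(mode) and (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
                findings.append("%s: world-writable directory without sticky bit" % path)
            if stat.S_ISREG(mode) and (mode & stat.S_IWOTH):
                findings.append("%s: world-writable file" % path)
    return findings


def build_demo_jail(base, hardened):
    """Construct a toy jail under base (constructed data, not a real layout).

    hardened=False reproduces three common mistakes: a group-writable jail
    root, a world-writable upload directory, and a setuid helper binary.
    """
    root = os.path.join(base, "jail-hardened" if hardened else "jail-sloppy")
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(os.path.join(root, "home", "upload"))
    os.makedirs(os.path.join(root, "bin"))
    passwd = os.path.join(root, "etc", "passwd")
    with open(passwd, "w") as f:
        # constructed sample line; scponly as the shell is what restricts the user
        f.write("upload:x:1001:1001::/home/upload:/usr/bin/scponly\n")
    helper = os.path.join(root, "bin", "helper")
    with open(helper, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")
    # chmod everything explicitly so the host's umask cannot skew the result
    for d in ("etc", "home", "bin"):
        os.chmod(os.path.join(root, d), 0o755)
    os.chmod(passwd, 0o644)
    os.chmod(os.path.join(root, "home", "upload"), 0o755 if hardened else 0o777)
    os.chmod(helper, 0o755 if hardened else 0o4755)
    os.chmod(root, 0o755 if hardened else 0o775)
    return root


def run_demo():
    """Build both toy jails and audit them; returns (good_findings, bad_findings).

    The demo runs as an ordinary user, so it passes its own uid as the expected
    owner; against a production jail leave expected_owner_uid at 0.
    """
    base = tempfile.mkdtemp(prefix="chroot-audit-")
    me = os.getuid()
    good = audit_chroot(build_demo_jail(base, hardened=True), expected_owner_uid=me)
    bad = audit_chroot(build_demo_jail(base, hardened=False), expected_owner_uid=me)
    return good, bad


if __name__ == "__main__":
    good, bad = run_demo()
    print("hardened jail findings:", good)
    for finding in bad:
        print("sloppy jail:", finding)
```

The hardened jail produces no findings; the sloppy one is flagged three times (writable root, world-writable upload directory without the sticky bit, setuid helper). The symlink skip is deliberate: inside a chroot the kernel resolves absolute link targets against the jail root, so a link alone is not an escape, but a writable jail root or a setuid binary in it is.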

This archive was generated by hypermail 2.1.8 : Mon Nov 02 2009 - 10:01:05 AKST