OpenVZ Forum


Home » General » Support » *DISCUSSED* Does OpenVZ have support for GrSecurity?
Re: Does OpenVZ have support for GrSecurity? [message #15091 is a reply to message #15081] Wed, 18 July 2007 15:44 Go to previous messageGo to previous message
joelee is currently offline  joelee
Messages: 63
Registered: April 2006
Member
Dev, I thank you for your comments below. However, I must say that I don't share your views to saying:
Quote:


Then use dedicated VE for each of them (which is a much hardened chroot protection even compared to grsec) and be happy.


That statement is not practical to give each user dedicated VE. While OpenVZ VE is great I don't think its designed to give each user VE to improve security. VE are used mainly to consolidate servers and offering isolation for those servers. That's why there's tools like GrSecurity, SELinux, IPtables and such to provide additional layer of security for users.

I am not much of an expert in this area and respect your other comments implying GrSecurity is not much of help. So, how about SElinux, RBAC, Running tools like Bastille to harnend the OS. Will they not prove helpful either.

IMO, I think it would be best for someone who can fix the issues regarding GrSecurity and perhaps other tools so that they can be used by used properly with OVZ.

Joe

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Online migration "Error: undump failed: Invalid argument"
Next Topic: Multicast client can't see traffic inside the virtual machine
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Jul 12 12:16:49 GMT 2024

Total time taken to generate the page: 0.02313 seconds
Powered by FUDforum Powered by Virtuozzo Containers