OpenVZ Forum


Home » General » Support » *DISCUSSED* Does OpenVZ have support for GrSecurity?
Re: Does OpenVZ have support for GrSecurity? [message #15092 is a reply to message #15091] Wed, 18 July 2007 16:15 Go to previous messageGo to previous message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member
Ouch, I definetely didn't mean to say that any of these technologies is useless Embarassed Sure, not.

What I meant to say is that VEs are designed to be fully isolated - in resource management, in networking (can't sniff etc.), file systems, etc. So 2 users in 2 different VEs are isolated in many regards better that on a signle machine using 2 different users with SELinux IMHO. It's my imho. Why? because SELinux doesn't try to solve DoS issues, resource management issues and so on. It solves only accessibility issues.

What VEs do not try to solve at all - protection from the other world. Sure, iptables and firewalls do it's job here.

And I fully support your statement that it would be fine if OpenVZ could support all of them. I guess SELinux must be the first one, as it is a part of mainstream kernel.

http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Online migration "Error: undump failed: Invalid argument"
Next Topic: Multicast client can't see traffic inside the virtual machine
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Fri Jul 12 12:26:56 GMT 2024

Total time taken to generate the page: 0.02311 seconds
Powered by FUDforum Powered by Virtuozzo Containers