Re: VPS users interfere with HN ones [message #9501 is a reply to message #9498]
Sun, 07 January 2007 21:05
To add to what Rick just said:
(1) VE0, i.e. the host system itself, is considered to be «a parent» to all the VEs, thus it sees all the processes in all VEs. Sometimes this is handy for debugging VE-related problems. You can find out which VE a process with a given PID belongs to by checking the envID field in the /proc/PID/status file.
(2) It is not recommended to run in VE0 anything but OpenVZ management-related tasks. I.e. it is not a good idea to have, say, MySQL installed in VE0 (just create a separate VE for it), or have ordinary users for purposes other than OpenVZ HN administration tasks. The only networking daemon that you should run in VE0 should be sshd. If you follow this recommendation, you will not have problems with global process visibility. If you do not follow this recommendation, you could have severe security flaws/problems.
Kir Kolyshkin
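
An added example, not part of the post above and not OpenVZ's own tooling: a hardware-node audit that groups processes by the envID field of /proc/PID/status and lists VE0 processes that are not on an allowlist. The allowlist contents, the sample process tree, and the "no VmSize line means kernel thread" heuristic are assumptions made for this example.

```python
import os
import tempfile
from collections import defaultdict

def read_status(path):
    """Parse a /proc/PID/status file into a dict of field -> value."""
    fields = {}
    with open(path) as fh:
        for line in fh:
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
    return fields

def processes_by_ve(proc_root="/proc"):
    """Group (pid, name) pairs by the envID field of each status file."""
    by_ve = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            st = read_status(os.path.join(proc_root, entry, "status"))
        except OSError:          # process exited (or is unreadable) mid-scan
            continue
        if "envID" not in st:    # not an OpenVZ kernel, or a truncated read
            continue
        if "VmSize" not in st:   # assumed heuristic: kernel threads lack Vm* lines
            continue
        by_ve[int(st["envID"])].append((int(entry), st.get("Name", "?")))
    return by_ve

def unexpected_in_ve0(by_ve, allowed):
    """Return VE0 (envID 0) processes whose name is not on the allowlist."""
    return sorted(p for p in by_ve.get(0, []) if p[1] not in allowed)

def build_sample_proc(root):
    """Constructed sample tree standing in for /proc on a hardware node."""
    sample = {1: ("init", 0, True), 7: ("kthread", 0, False), 2210: ("sshd", 0, True),
              3302: ("mysqld", 0, True), 9412: ("httpd", 101, True)}
    for pid, (name, veid, user) in sample.items():
        os.makedirs(os.path.join(root, str(pid)))
        body = "Name:\t%s\n" % name + ("VmSize:\t1024 kB\n" if user else "") + "envID:\t%d\n" % veid
        with open(os.path.join(root, str(pid), "status"), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)   # the allowlist below is a hypothetical example
        print(unexpected_in_ve0(processes_by_ve(root), allowed={"init", "sshd"}))
```

On a real hardware node, call `processes_by_ve()` with its default `/proc` root and an allowlist that matches your own management tooling.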