| |||||||||||||
Does Linux support multi-user?Does Linux support multi-user?Posted Jul 18, 2011 0:30 UTC (Mon) by mathstuf (subscriber, #69389)In reply to: Does Linux support multi-user? by raven667 Parent article: Reactive vs. pro-active kernel security
So, if I'm reading this right, Linux now has an analogue to FreeBSD jails, but is just lacking the tools to manage them easily?
(Log in to post comments)
Does Linux support multi-user? Posted Jul 18, 2011 9:45 UTC (Mon) by Klavs (subscriber, #10563) [Link]
Linux had vserver (an external patch) for many years - but finally a solution in the mainline has come about - called lxc (Linux containers) - http://lxc.teegra.net/ - it's actually pretty easy to setup IMHO
Does Linux support multi-user? Posted Jul 18, 2011 16:45 UTC (Mon) by geuder (subscriber, #62854) [Link]
> but finally a solution in the mainline has come about - called lxc (Linux containers)
True, I forgot completely about that one. We have actually used it here in one project, but to isolate only one "untrusted guest" from the host system. Haven't thought about running tens of containers, but I could imagine that the overhead is pretty low especially compared to VMs.
But lxc would not help to get more consensus about these security "issues" this discussion started from. If the kernel were affected by some information disclosure or denial of service issues, in many cases the issue would not be limited to processes running inside the same container.
So the nice argument that within one container we can just talk about a single user system and don't worry that much about about information disclosure/denial of service/pro-active security would just not apply to many cases. No free lunch this time either :(
|
|||||||||||||