[grsec] virtualisation with grsecurity
Marcel Meyer
meyerm at fs.tum.de
Sat Aug 26 15:40:04 EDT 2006
Hello Rik,
thank you for answering my questions.
Am Freitag, 25. August 2006 14:39 schrieb Rik Bobbaers:
> Marcel Meyer wrote:
> > [..]
> > Finally to sum it up: which virtualisation software would you suggest,
> > when I want to set up a "more secure than default"-system (grsecurity &
> > co favoured of course ;-) ).
>
> if you want a different kind of virtualisation (a lot faster than xen,
> but on another level), you should look at:
> http://linux-vserver.org/
Thank you for your suggestion. I already looked at vserver before. However,
I read about many problems getting vserver and grsecurity to work
peacefully together (you see, I _did_ use google before asking ;-) ). I
have to admit that many of them dated back to 2005.
> the merged patches from grsecurity and linux-vserver are at:
> http://ludit.kuleuven.be/software/vserver
It seems to be possible...
> i use it on a lot of different servers over here... really nice piece of
> software imho ;)
I'm chicken-hearted using non-"standard" kernel-versions on a productive
server ;-). Not because I don't trust the guys whose website you mentioned,
but because of stability (but you say, you use it on "a lot" of servers, so
I may assume everything works stable?) and even more because of the future
of the patchset.
Do you thin this combination keep up with the kernel- and
grsecurity-development? Because I simply don't dare doing the patchwork of
such huge and complex patches for myself when they need adjusting to get to
work...
May I ask you, if you already tried openvz or sth. similar and can explain
to me (very short!) why vserver should be prefered? If you don't have any
further experience with other virtualisation techniques that's perfectly
ok.
Thank you for your time,
Marcel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20060826/20f5fd7c/attachment.pgp
More information about the grsecurity
mailing list