[Devel] Re: [Users] a newbie question

cheetah xuwh06 at gmail.com
Sun Jun 17 04:10:42 PDT 2012


Thanks a lot for the info, Martin.

Nice to know Openvz kernel is based on RHEL6. I am wondering how fast it is
released after a new release of RHEL?

Thanks.
Peter

On Sun, Jun 17, 2012 at 6:56 PM, Martin Dobrev <martin at dobrev.eu> wrote:

>
>
> Martin Dobrev
>
> Sent from iPhone 4
>
> On 17.06.2012, at 13:25, cheetah <xuwh06 at gmail.com> wrote:
>
> > Hi guys,
> >
>
> Hi Peter,
>
> > I am a newbie to openvz and preparing to deploy it in my production
> environment to give each user a container. I have the following concerns
> now.
> >
> > 1. Can user load kernel modules in the guest container without
> influencing the host kernel or other container's kernel? As far as I
> understand, all the containers share the same kernel of the host. So I am
> wondering if this is possible?
> >
>
> Some modules can be shared from the host sytem to the containers. More
> info in the vzctl man page.
>
> > 2. Or how is the container's security isolation? Can I give user root
> access in the container? Is there any hack that he/she can use root in the
> container to attack the host or other containers?
> >
> It's impossible to gain host system access using a kernel bug as far as I
> know. Some kernel exploits are still able to crash the hole system. Giving
> root in the container will be considered as secure as giving root on
> physical server.
> > 3. Does openvz kernel support kvm?
> >
> It's possible to have Xen and KVM compiled in the OVZ kernel but you'll
> need to compile it yourself.
> > 4. What is recommended distro of Linux to install openvz? I am now using
> CentOS 6.2. How about Debian?
> >
> Mainstream kernel development follows the RHEL kernel branches, so best
> for you will be CentOS. I have some production systems on it too.
> > Thanks a lot for answering my stupid questions.
> >
> I hope my info helps.
> > Regards,
> > Peter
> > _______________________________________________
> > Users mailing list
> > Users at openvz.org
> > https://openvz.org/mailman/listinfo/users
>
> P.S. There is no need to write to the devel list directly for user
> questions.
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/devel/attachments/20120617/0bc09de6/attachment-0001.html>


More information about the Devel mailing list