Thanks a lot for the info, Martin. <br><br>Nice to know the OpenVZ kernel is based on RHEL6. I am wondering how fast it is released after a new release of RHEL?<br><br>Thanks.<br>Peter<br><br><div class="gmail_quote">On Sun, Jun 17, 2012 at 6:56 PM, Martin Dobrev <span dir="ltr"><<a href="mailto:martin@dobrev.eu" target="_blank">martin@dobrev.eu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
Martin Dobrev<br>
<br>
On 17.06.2012, at 13:25, cheetah <<a href="mailto:xuwh06@gmail.com">xuwh06@gmail.com</a>> wrote:<br>
<br>
> Hi guys,<br>
><br>
<br>
Hi Peter,<br>
<div class="im"><br>
> I am a newbie to OpenVZ and preparing to deploy it in my production environment to give each user a container. I have the following concerns now.<br>
><br>
> 1. Can a user load kernel modules in the guest container without influencing the host kernel or other containers' kernels? As far as I understand, all the containers share the same kernel of the host. So I am wondering if this is possible?<br>
><br>
<br>
</div>Some modules can be shared from the host system to the containers. More info in the vzctl man page.<br>
<div class="im"><br>
> 2. Or how is the container's security isolation? Can I give user root access in the container? Is there any hack that he/she can use root in the container to attack the host or other containers?<br>
><br>
</div>It's impossible to gain host system access using a kernel bug as far as I know. Some kernel exploits are still able to crash the whole system. Giving root in the container will be considered as secure as giving root on a physical server.<br>
<div class="im">> 3. Does the OpenVZ kernel support KVM?<br>
><br>
</div>It's possible to have Xen and KVM compiled in the OVZ kernel but you'll need to compile it yourself.<br>
<div class="im">> 4. What is the recommended distro of Linux to install OpenVZ? I am now using CentOS 6.2. How about Debian?<br>
><br>
</div>Mainstream kernel development follows the RHEL kernel branches, so best for you will be CentOS. I have some production systems on it too.<br>
<div class="im">> Thanks a lot for answering my stupid questions.<br>
><br>
</div>I hope my info helps.<br>
> Regards,<br>
> Peter<br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@openvz.org">Users@openvz.org</a><br>
> <a href="https://openvz.org/mailman/listinfo/users" target="_blank">https://openvz.org/mailman/listinfo/users</a><br>
<br>
P.S. There is no need to write to the devel list directly for user questions.<br>
</blockquote></div><br>