[Users] Announcement: Proxmox Virtual Environment 1.0 -Firststable release

Dietmar Maurer dietmar at proxmox.com
Fri Nov 21 12:45:40 EST 2008

> It uses HTTPS to issue commands to the VZ nodes in the cluster? Really?

I guess you should look at the code yourself if you want to know how it works.
> >> Can you talk a little about the security of the model used by
> Proxmox?
> >> Can I, on the client VZ HNs managed by Proxmox, limit what commands
> >> Proxmox can execute? (important in the case that my Proxmox server
> >> gets compromised)
> >
> > Not sure if I understand your question. If someone gets root access
> to
> > the HOST you have a real problem. But that's true for any unix
> system.
> Yes, I know that a compromise is a real problem. It's always a real
> problem. Hence the need for mitigation measures.
> If a regular server is compromised, that is one server. What I am
> asking is what happens if my Proxmox server gets compromised? How does

Then all controlled servers are at risk. Again, that is also true for any other
virtualization platform I know.

> it talk to the VZ HNs that it is controlling? Is it SSH running shell
> commands? Or does each VZ HN have to run some sort of daemon that
> listens for commands from the Proxmox server? Or what?

Please read all available openvz documentation, first. Then study our code. 

> The web site says Proxmox uses kernel 2.6.24, which AFAIK isn't deemed
> as stable by the OpenVZ kernel team. Has 2.6.24 with the OpenVZ patch
> been tested much?

We use the following kernel source:


which is very stable IMO.

- Dietmar

More information about the Users mailing list