[Users] Announcement: Proxmox Virtual Environment 1.0
-Firststable release
Dietmar Maurer
dietmar at proxmox.com
Fri Nov 21 12:45:40 EST 2008
> It uses HTTPS to issue commands to the VZ nodes in the cluster? Really?
I guess you should look at the code yourself if you want to know how it works.
> >> Can you talk a little about the security of the model used by
> Proxmox?
> >> Can I, on the client VZ HNs managed by Proxmox, limit what commands
> >> Proxmox can execute? (important in the case that my Proxmox server
> >> gets compromised)
> >
> > Not sure if I understand your question. If someone gets root access
> to
> > the HOST you have a real problem. But that's true for any unix
> system.
>
> Yes, I know that a compromise is a real problem. It's always a real
> problem. Hence the need for mitigation measures.
>
> If a regular server is compromised, that is one server. What I am
> asking is what happens if my Proxmox server gets compromised? How does
Then all controlled servers are at risk. Again, that is also true for any other
virtualization platform I know.
> it talk to the VZ HNs that it is controlling? Is it SSH running shell
> commands? Or does each VZ HN have to run some sort of daemon that
> listens for commands from the Proxmox server? Or what?
Please read all available openvz documentation, first. Then study our code.
> The web site says Proxmox uses kernel 2.6.24, which AFAIK isn't deemed
> as stable by the OpenVZ kernel team. Has 2.6.24 with the OpenVZ patch
> been tested much?
We use the following kernel source:
http://git.openvz.org/?p=ubuntu-hardy-openvz;a=summary
which is very stable IMO.
- Dietmar
More information about the Users
mailing list