[Gllug] Security from scratch or just stick with Astaro?
Nix
nix at esperi.org.uk
Fri Apr 11 06:53:56 UTC 2008
On 8 Apr 2008, Chris Bell spake thusly:

> On Tue 08 Apr, Justin Perreault wrote:
>> For the virtual machine I want to set up the system such that the host
>> system does not pay attention to the traffic on the ethernet ports and
>> only redirects them to whatever firewall I have set up. I have no need
>> for the host to do any more than host/build virtual machines. Is this
>> not possible?

I'm doing it with UML and bridged tun/tap network interfaces. The host
doesn't have an IP address on its ADSL network interface, but just spies
on it with snort :)

> It is just another layer that could house coding errors and security
> vulnerabilities.

I'm not aware of any security vulnerabilities in UML (in skas mode) that
aren't also shared by the host kernel. In fact I can't recall any such
vulnerabilities, ever.

(Of course the UML instance is running chrooted as a nonprivileged user
as well.)

--
`The rest is a tale of post and counter-post.' --- Ian Rawlings
describes USENET
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug