On Tue, May 26, 2009 at 08:46:49PM +0200, Laurent Guignard wrote:
> On Fri, 22 May 2009 18:02:27 +0000, Sylvain Le Gall wrote:
> > On 22-05-2009, Sthu Deus <sthu.d...@gmail.com> wrote:
> > > How can I organize an operating system-level virtualization on a server
> > > for every service I would isolate?
> >
> > Use a chroot (standard) or a vserver (search for vserver in debian
> > archives there is a kernel version and two packages for userland tools).
> >
> > vserver is more flexible and allows you to assign IP address et al.
>
> Beyond the question, what is the interest to virtualize services? I understand
> the need to virtualize different machines for OS-specific server software,
> tests and so on.
> Is there anywhere to find when virtualization is the best way to solve a
> problem and when it isn't?

Unless something has changed, to be really secure, virtualization has to be
fully supported in the hardware of the CPU so that there are no CPU
instructions that can be issued from within the virtual machine to break out
of it. i386/amd64 don't meet that criterion. I don't know what other vendors
have, but e.g. IBM's Power architecture does, and provides logical partitions
(LPARs) at the firmware level which appear to the OS as a real piece of
hardware.

AFAIK, virtualization on i386/amd64, beyond the OS-specific software or
testing issues, is a gimmick. It may provide one extra layer for someone to
try to break out of but it also adds an extra layer to hold bugs.

Doug.