Martin Dobrev

Sent from iPhone 4

On 17.06.2012, at 13:25, cheetah <[email protected]> wrote:

> Hi guys,
> 

Hi Peter,

> I am a newbie to openvz and preparing to deploy it in my production 
> environment to give each user a container. I have the following concerns now. 
> 
> 1. Can user load kernel modules in the guest container without influencing 
> the host kernel or other container's kernel? As far as I understand, all the 
> containers share the same kernel of the host. So I am wondering if this is 
> possible?
> 

Some modules can be shared from the host system to the containers. More info in 
the vzctl man page.

> 2. Or how is the container's security isolation? Can I give user root access 
> in the container? Is there any hack that he/she can use root in the container 
> to attack the host or other containers?
> 
It's impossible to gain host system access using a kernel bug as far as I know. 
Some kernel exploits are still able to crash the whole system. Giving root in 
the container will be considered as secure as giving root on a physical server.
> 3. Does openvz kernel support kvm?
> 
It's possible to have Xen and KVM compiled in the OVZ kernel but you'll need to 
compile it yourself.
> 4. What is recommended distro of Linux to install openvz? I am now using 
> CentOS 6.2. How about Debian?
> 
Mainstream kernel development follows the RHEL kernel branches, so best for you 
will be CentOS. I have some production systems on it too.
> Thanks a lot for answering my stupid questions. 
> 
I hope my info helps.
> Regards,
> Peter
> _______________________________________________
> Users mailing list
> [email protected]
> https://openvz.org/mailman/listinfo/users

P.S. There is no need to write to the devel list directly for user questions. 