On May 3, 2007, at 7:39 PM, Dan Mensom wrote:
> For the benefit of the archives, here is the quick rundown of what I did,
> following mostly the docs at http://fastcgi.coremail.cn/doc.htm:
Thanks; I'll have to look back at your steps if I ever get around to
setting up SELinux.
>> Now that is a secure option, though not light-weight of course.
> Hrmm.. Not necessarily. Last I checked the Xen people were still in the
> process of hardening their kernel APIs to prevent vm guest breakout. I
> don't think the process was completed for 3.0, but I could be wrong..
Well, I hope it is, because I've got a server at a Xen-based virtual
hosting company containing somewhat sensitive data.
Googling "xen guest breakout" doesn't turn up much. There are people
saying they haven't formally proven there are no vulnerabilities in
the design or implementation [1], but that's not too surprising - the
same's true for the Linux kernel. I basically have to trust Linux
anyway in the absence of specific bug reports, or I'd get nothing done.
[1] - http://article.gmane.org/gmane.comp.emulators.xen.user/23297
--
Scott Lamb <http://www.slamb.org/>