On Wed, Dec 08, 2010 at 09:00:51PM +0000, Richard W.M. Jones wrote: > To the original poster: even a VM isn't a completely robust way of > preventing root escalations. If the developers are all in your > "organization", how about using a cluestick-based method to prevent > them doing this? I guess giving someone a shell account in a VM is usually not less safe than giving someone shell access on the host of the VM, as long as the VM does not use kvm and does not run as root. Because even if the user could break out of the VM, he still has only the same privileges as when he got a shell access to the host directly. Regards Till
Attachment:
pgpHqvlMFsys5.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
