Brian Densmore wrote:
Garrett Goebel wrote:
Have you tried to just chroot into another one?
For _a_ test environment, that's fine. But not for running multiple simultaneous test environments, or giving away root accounts.
Are you saying that you can't open up multiple CLIs and run chroot in as many simultaneous instances as memory and diskspace allow?
Sure, but instances of what? Processes not kernels. You couldn't for instance test the setup of a high availability cluster...
[somewhat OT: ] Also if one can break out of a chroot environment then they have the skill to own the machine anyway. You need to be able to find and use a security flaw on the machine that would give you root access and have access inside of the chrooted environment to a compiler or perl interpreter. So the fact that one could own a machine from inside a chroot environment doesn't increase the possibility that someone could get root access.
Unless of course you _want_ to give someone root access without fear that they can subvert their host. Chroot is fine for running services under a low privilege account in a jail. It isn't a cure-all.
Although what that has to do with wanting to run a VM, which is what this thread is about, eludes me. In order to run a VM a user would need an account on your box, and if they are going to crack your system and have the knowledge to break out of a chrooted environment, then they can own your box from their user account.
In order to run a UML VM on a box, you need to run a UML instance which the end user could log into. They don't need _access_ to an account on the UML host. Except to the extent that UML instance would be running under some set of credentials.
With UML I can give anyone I wish a root account on their own virtual Linux box... I still have to worry about them misusing it or being penetrated, but not so much about attempts to subvert the UML host. I think UML is a promising choice for ISPs who offer co-hosting services.
--
Garrett Goebel
IS Development Specialist

ScriptPro
5828 Reeds Road
Mission, KS 66202
Direct: 913.403.5261
Main: 913.384.1008
Fax: 913.384.2180
www.scriptpro.com
garrett at scriptpro dot com