| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m3wsxu1i3l.fsf@ursa.amorsen.dk> Date: 23 Jun 2007 23:22:38 +0200 From: Benny Amorsen <benny+usenet@...rsen.dk> To: netdev@...r.kernel.org Subject: Re: [RFD] L2 Network namespace infrastructure >>>>> "DM" == David Miller <davem@...emloft.net> writes: DM> To be honest I think this form of virtualization is a complete DM> waste of time, even the openvz approach. You are only considering the security values of OpenVZ. Where I work, OpenVZ and Linux-vserver are used for their ability to cleanly separate processes. Security-wise, we could get the same effect just by running the processes as separate users, but management-wise it is so much easier to give them a completely separate environment. OpenVZ's network virtualization enables us to do things which are completely impossible with both the vanilla kernel and Xen -- e.g. hundreds of virtual routers, with their own routing daemons. Policy routing just doesn't cut it; it's cumbersome to set up, limited to 256 tables, and routing daemons generally can't handle it well, if at all. /Benny - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists