<div>It's not clear to me what security benefits are conferred by OpenVZ over, say, AppArmor. As a jailing mechanism, OpenVZ seems useful, but it looks to me (and I should say that I've not been paying much attention to Linux for a few years now, so this is kind of a wild-ass guess) that the attack surface presented by sharing a kernel instance is a lot greater than that presented by sharing a Xen host. </div>
<div> </div>
<div>Unless I'm missing something, I don't see how OpenVZ mitigates kernel-level code execution vulns--since the guest kernel is the same as the host kernel, if I can run code in the kernel context on a guest, I've owned the host, right? In comparison, with Xen, if a guest is doing something (e.g. listening on an interface, using a particular filesystem, etc.) that exposes a bug that leads to code execution, since the guest kernel is only used for that guest, the attacker is (in theory) contained. (And your host's job is to <em>only</em> be the virtualization host, to minimize attack surface.) Only Xen bugs allow the guest to attack the host or other guests. </div>
<div> </div>
<div>Not that paravirtualization solutions (e.g. VMware) haven't had guest->host code execution bugs in the past, but they're fairly rare (e.g. <a href="http://secunia.com/advisories/26986/">http://secunia.com/advisories/26986/</a>). </div>
<div> </div>
<div>Note, though, that I'm probably going to retire my HCoop membership in the near future, so while perhaps the above is of technical relevance, don't take it to be my vote one way or another. </div>
<div> </div>
<div class="gmail_quote">On Wed, Jun 3, 2009 at 7:12 AM, Ron Senykoff <span dir="ltr">&lt;<a href="mailto:freat@hcoop.net">freat@hcoop.net</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">It seems that Xen offers greater flexibility by allowing any guest OS. Yet in a paravirtualization mode it offers extremely low overhead. So it seems to me a natural path is use Xen paravirtualization for all core servers, and have the benefit of greater flexibility should we need it down the road. After all, one thing I dig about open source software is having choices. With Xen we don't sacrifice choice of OS.<br>
<font color="#888888"><br>-Ron<br><br></font><br>_______________________________________________<br>HCoop-Discuss mailing list<br><a href="mailto:HCoop-Discuss@lists.hcoop.net">HCoop-Discuss@lists.hcoop.net</a><br><a href="https://lists.hcoop.net/listinfo/hcoop-discuss" target="_blank">https://lists.hcoop.net/listinfo/hcoop-discuss</a><br>
<br></blockquote></div><br>