Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Mauras Olivier
Hello Matthew, Here's an example in one of my containers: root@nasty:~# ps ax PID TTY STAT TIME COMMAND 1 ?Ss 0:13 init [3] 44 ?Ss 0:02 /usr/sbin/syslogd 141 ?Ss 0:00 /usr/sbin/sshd 144 ?S 0:01 /usr/sbin/crond -l6 149 ?

[Lxc-users] Fedora 15 on Fedora 15 LXC with Libvirt

2011-07-31 Thread Iliyan Stoyanov
Hi guys, I'm trying to run two containers of Fedora 15 over a Fedora 15 host through libvirt on an amd64 host. However, so far I've not been able to set up the environment, and going through the list it seems there are some issues with systemd; however, I'm not really sure how to make it work. I'm new

Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Matthew Franz
Patrick/Oliver, Thanks for the quick response. As a security guy I hate it when folks post weaknesses without providing (or taking the time to investigate) workarounds. And there seems to be a lot of FUD out there on the blogs regarding OpenVZ vs. LXC. :( - mdf On Sun, Jul 31, 2011 at 10:58

Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Robert Kawecki
On 2011-07-30, Sat, at 21:10 -0400, Matthew Franz wrote: Had seen some previous discussions before, but are there any ways to mitigate this design vulnerability? http://blog.bofh.it/debian/id_413 Are there any workarounds? Thanks, - mdf The blog post explicitly mounts

Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Michael H. Warfield
On Sun, 2011-07-31 at 17:59 +0200, Robert Kawecki wrote: On 2011-07-30, Sat, at 21:10 -0400, Matthew Franz wrote: Had seen some previous discussions before, but are there any ways to mitigate this design vulnerability? http://blog.bofh.it/debian/id_413 Are there any

Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Olivier Mauras
That's where a MAC system comes in handy. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Michael H. Warfield m...@wittsend.com wrote: On Sun, 2011-07-31 at 17:59 +0200, Robert Kawecki wrote: On 2011-07-30, Sat, at 21:10 -0400, Matthew Franz wrote: Had seen some

Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Michael H. Warfield
On Sun, 2011-07-31 at 23:02 +0200, Olivier Mauras wrote: That's where a MAC system comes in handy. Was just reading up on that from your earlier post. Very nice. I see I have some reading and research to do. I posted a URL to an IBM paper in a reply to your earlier post. -- Sent from my Android

Re: [Lxc-users] Mitigating LXC Container Evasion?

2011-07-31 Thread Olivier Mauras
Yes, I started using smack after digging through this article :) As for capabilities, I usually start from the most restrictive, removing one by one until I want the container to work as expected. Regards, Olivier -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Michael H.