> It uses HTTPS to issue commands to the VZ nodes in the cluster? Really?
I guess you should look at the code yourself if you want to know how it works. > >> Can you talk a little about the security of the model used by > Proxmox? > >> Can I, on the client VZ HNs managed by Proxmox, limit what commands > >> Proxmox can execute? (important in the case that my Proxmox server > >> gets compromised) > > > > Not sure if I understand your question. If someone gets root access > to > > the HOST you have a real problem. But that's true for any unix > system. > > Yes, I know that a compromise is a real problem. It's always a real > problem. Hence the need for mitigation measures. > > If a regular server is compromised, that is one server. What I am > asking is what happens if my Proxmox server gets compromised? How does Then all controlled servers are at risk. Again, that is also true for any other virtualization platform I know. > it talk to the VZ HNs that it is controlling? Is it SSH running shell > commands? Or does each VZ HN have to run some sort of daemon that > listens for commands from the Proxmox server? Or what? Please read all available openvz documentation, first. Then study our code. > The web site says Proxmox uses kernel 2.6.24, which AFAIK isn't deemed > as stable by the OpenVZ kernel team. Has 2.6.24 with the OpenVZ patch > been tested much? We use the following kernel source: http://git.openvz.org/?p=ubuntu-hardy-openvz;a=summary which is very stable IMO. - Dietmar _______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users