if you have enough $$ go with ibm 390 (or whatever the number is) otherwise try wmware (or other similar product), if you require completely virtual machines (hw and all) you need a virtual machine, I guess there's no way around it, chroot and I suspect jail (I don't know jail) would not cut it.
erik Ilya Martynov wrote: > > >>>>> "CC" == Colin Cashman <[EMAIL PROTECTED]> writes: > > >> No. chroot is not safe enough. I want to create virtual boxes in which > >> I can give root rights to other people and I want to be sure that they > >> can't break other boxes. > >> > >> AGAIK if you have root you can escape chroot'ed directory. Another > >> problems that root can have direct access to devices. I don't want to > >> allow it. Good solution is really independant virtual boxes which are > >> run from one real. This is what FreeBSD's jails provides. User-mode > >> linux kernel seems to allow it too but I'm not sure how stable is it > >> and if there are exist any limitations. > > CC> I just found a page that might contain what you are looking for: > > CC> http://www.gnu.org/directory/vsd.html > > CC> "VSD - Facilitates Linux Virtual Servers within a 'chroot' > CC> environment." > > Yes, I've seen it and simular solutions. The problem is that as I have > wrote 'chroot is not safe enough'. It is not possible to give root > rights to people in chroot'ed environment if you don't want to trust them. > > BTW except problems with direct access to devices and possibility to > escape chroot by root there is exist another problem (for me) with > chroot. Chroot only allows isolations of boxes at filesystem > level. For example you can't have two mailservers running at the same > time - first in first virtual box, second in another. At least you > can't do it unless you configure them to listen on different > interfaces. (BTW is it possible to create several loopback interfaces > - I think no). > > Let me describe my needs. > > 1) I want to build testing and development envronment for developers > in my company. Thereis several developers who works on different > project. Often it is much more easier to give developers root access > then try to fune tune sceurity system on development servers so they > will be able to install/configure software there. So I want to just > create several virtual boxes and give there freely root access. So I > can be sure than one group of developers can't break things for > another group. > > 2) Another task is building automated tests for our software. One product > our developers work on is maillist software. For creation of automated > tests for this software it is *required* to have several boxes. If I > just can create a bunch of virtual boxes it will be very usefull. > > Combining 1) and 2) gives need for independant virtual boxes. 'chroot' > is not good enough. > > CC> [..skip..] > > -- > Ilya Martynov > AGAVA Software Company, http://www.agava.com > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]