Quoting Cal Webster (cwebs...@ec.rr.com): > On Fri, 2011-01-14 at 11:59 -0600, Serge E. Hallyn wrote: > > Quoting Cal Webster (cwebs...@ec.rr.com): > > > I've looked at OpenVZ but it apparently cannot coexist with SELinux, > > > > Do you know why? Do you have any references for this? > > None of the OpenVZ forum members could cite any references or explain > this. None of the on-line documentation goes into detail. The only > references to SELinux I could find said the SELinux _must_ be disabled > before bringing up the OpenVZ kernel, which is compliled without SELinux > support. > > The only forum member that answered my post just said that "OpenVZ > introduces many hacks to the kernel. If you read the code, you'll know > what this is about." That's when he suggested I look at LXC. Before I > spent the time to read through their kernel hacks I decided to see what > LXC offered. That's when I discovered the problem with available kernel > versions.
Hmm - well selinux isn't magic - it does need its hooks to be in the right places, so if openvz is providing ways around the hooks, then yeah it might "work" but not actually be enforcing anything effectively. So, not having looked at the openvz patch myself recently, I guess I'd take their word for it :) -serge ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
