Re: [Lxc-users] LXC on RHEL/CenOS 5.5 Host?
Quoting Cal Webster (cwebs...@ec.rr.com):
> I've looked at OpenVZ but it apparently cannot coexist with SELinux,

Do you know why? Do you have any references for this?

-serge

--
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] LXC on RHEL/CenOS 5.5 Host?
On Fri, 2011-01-14 at 11:59 -0600, Serge E. Hallyn wrote:
> Quoting Cal Webster (cwebs...@ec.rr.com):
> > I've looked at OpenVZ but it apparently cannot coexist with SELinux,
>
> Do you know why? Do you have any references for this?

None of the OpenVZ forum members could cite any references or explain this. None of the on-line documentation goes into detail. The only references to SELinux I could find said that SELinux _must_ be disabled before bringing up the OpenVZ kernel, which is compiled without SELinux support.

The only forum member that answered my post just said that OpenVZ introduces many hacks to the kernel. If you read the code, you'll know what this is about. That's when he suggested I look at LXC. Before I spent the time to read through their kernel hacks I decided to see what LXC offered. That's when I discovered the problem with available kernel versions.
Re: [Lxc-users] LXC on RHEL/CenOS 5.5 Host?
Quoting Cal Webster (cwebs...@ec.rr.com):
> On Fri, 2011-01-14 at 11:59 -0600, Serge E. Hallyn wrote:
> > Quoting Cal Webster (cwebs...@ec.rr.com):
> > > I've looked at OpenVZ but it apparently cannot coexist with SELinux,
> >
> > Do you know why? Do you have any references for this?
>
> None of the OpenVZ forum members could cite any references or explain this. None of the on-line documentation goes into detail. The only references to SELinux I could find said that SELinux _must_ be disabled before bringing up the OpenVZ kernel, which is compiled without SELinux support.
>
> The only forum member that answered my post just said that OpenVZ introduces many hacks to the kernel. If you read the code, you'll know what this is about. That's when he suggested I look at LXC. Before I spent the time to read through their kernel hacks I decided to see what LXC offered. That's when I discovered the problem with available kernel versions.

Hmm - well selinux isn't magic - it does need its hooks to be in the right places, so if openvz is providing ways around the hooks, then yeah it might work but not actually be enforcing anything effectively. So, not having looked at the openvz patch myself recently, I guess I'd take their word for it :)

-serge
Re: [Lxc-users] LXC on RHEL/CenOS 5.5 Host?
On Fri, 2011-01-14 at 09:58 -0800, Noah Campbell wrote:
> I was also looking at a similar configuration. If you can upgrade your kernel, you have a shot. http://lxc.sourceforge.net/index.php/about/kernel-namespaces/ gives the minimum kernel for a particular configuration.
>
> -Noah

Thanks for the reply, Noah. I cannot use kernels from the upstream source tree or those that are based upon it because RHEL kernels don't track directly with the latest kernel source. I'm hoping that either someone has ported LXC features and tools to RHEL/CentOS 5 or patches exist for the RHEL/CentOS 5 kernels.

RHEL/CentOS kernels, as well as the software within the distro, cannot necessarily be judged by their version numbers. As any RHEL maintainer will tell you, Red Hat back-ports all security and bug fixes, and many feature updates to the version that existed when the major version was released. Very few applications, servers, or utilities are upgraded to current version numbers. Instead, after an update, minor revision numbers are incremented and/or appended to the package name. For example, Red Hat just released its 6th maintenance update to RHEL 5 yesterday containing a pile of security updates, bug-fixes, and enhancements to over 150 applications, including the kernel and gcc tools and libs. While the version numbers bear no resemblance to the latest kernel, tools and apps, all security flaws and important bugs have been resolved and some upstream features included.

With the release of RHEL 6, RHEL 5 has entered production phase 2. At the end of production phase 3 in March 2014 security patches and bug fixes will stop. So there are at least 3 more years of life. I'm sure our organization will be required to support it even beyond that time, though.

Regards,
Cal Webster