On Mon, Aug 14, 2006 at 09:56:17AM +0200, Stephan Mueller wrote: > Hi, > > is there a way to run/use fuse inside a vguest without risking > security problems?
we didn't find time to test/analyze fuse inside a guest yet, but from the top of my head the following security issues might apply: - broken/buggy filesystems may crash/hang the kernel - fuse might add indefinite timeouts, affecting the other guests (performance wise) - excessive unlimited dentries and caching could interfere with other guests (DoS) > I am currently using the stable tree on a 2.6.17 kernel. > > Any hints/ideas welcome! ;) if you give it a try, I'd suggest to try some evil attacks inside a guest, to figure what can be done :) (and of course, keep us posted) best, Herbert > Cheers, > > Steph. > > > _______________________________________________ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
