[PVE-User] Container less secure than KVM?
gilberto.nunes32 at gmail.com
Fri Jun 20 19:39:50 CEST 2014
Can you point me some way to cript or protect this VM's?
Perhaps, create a cript layer or wathever will work...
2014-06-20 14:22 GMT-03:00 Scott Dowdle <dowdle at montanalinux.org>:
> ----- Original Message -----
> > I have notice that I can access the entire FileSystem of a OpenVZ
> > Container, from Proxmox...
> > Is that right?
> > For my point of view, this is a security breach, once I can remove
> > all files in /var/lib/vz/private/<VMID>!!!
> > Or am I wrong?
> That's how it has been (to the best of my knowledge) since SWsoft create
> Virtuozzo in 2001 and released OpenVZ in 2005. About two years ago they
> added the ability to use disk image with ploop... kinda like how KVM does
> it. It isn't a security breach.
> You can also remove KVM VM disk images from the host node... and if you
> have libguestfs and tools installed, you can access the internals of those
> disk images and alter things as desired.
> Any other questions? :)
> Scott Dowdle
> 704 Church Street
> Belgrade, MT 59714
> (406)388-0827 [home]
> (406)994-3931 [work]
> pve-user mailing list
> pve-user at pve.proxmox.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pve-user