[PVE-User] Container less secure than KVM?

Gilberto Nunes gilberto.nunes32 at gmail.com
Fri Jun 20 19:39:50 CEST 2014


Can you point me some way to cript or protect this VM's?
Perhaps, create a cript layer or wathever will work...

Thanks...


2014-06-20 14:22 GMT-03:00 Scott Dowdle <dowdle at montanalinux.org>:

> Greetings,
>
> ----- Original Message -----
> > I have notice that I can access the entire FileSystem of a OpenVZ
> > Container, from Proxmox...
> >
> > Is that right?
> >
> > For my point of view, this is a security breach, once I can remove
> > all files in /var/lib/vz/private/<VMID>!!!
> >
> > Or am I wrong?
>
> That's how it has been (to the best of my knowledge) since SWsoft create
> Virtuozzo in 2001 and released OpenVZ in 2005.  About two years ago they
> added the ability to use disk image with ploop... kinda like how KVM does
> it.  It isn't a security breach.
>
> You can also remove KVM VM disk images from the host node... and if you
> have libguestfs and tools installed, you can access the internals of those
> disk images and alter things as desired.
>
> Any other questions? :)
>
> TYL,
> --
> Scott Dowdle
> 704 Church Street
> Belgrade, MT 59714
> (406)388-0827 [home]
> (406)994-3931 [work]
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>



-- 
Gilberto Ferreira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20140620/3628728f/attachment-0015.html>


More information about the pve-user mailing list