Security of virtualization: which one to use ?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Security of virtualization: which one to use ?

Postby evilangel » Tue Oct 14, 2008 8:35 am

Hi all,

I know this topic is not directly linked to grsecurity.
However, it may interfer.

In the choice of KVM, Xen, Vserver, OpenVZ, QEMU, ... which virtualization solution would you choose when security matters ?

I don't know if one solution is providing more segregation between host and guest ?
Is one solution more robust when the guest has been conpromised ?

Thanks
evilangel
 
Posts: 59
Joined: Thu May 15, 2008 7:57 pm

Re: Security of virtualization: which one to use ?

Postby evilangel » Wed Oct 15, 2008 7:53 am

I just noticed that Vserver is providing a "combo" vserver-grsecurity patch.
http://linux-vserver.org/Welcome_to_Linux-VServer.org
This sounds good :)
evilangel
 
Posts: 59
Joined: Thu May 15, 2008 7:57 pm

Re: Security of virtualization: which one to use ?

Postby evilangel » Wed Oct 29, 2008 8:46 am

I looked on the main competitor of Vserver, OpenVZ.
It is clear: OpenVZ does not and can not support Grsecurity.
http://wiki.openvz.org/Grsecurity
evilangel
 
Posts: 59
Joined: Thu May 15, 2008 7:57 pm


Return to grsecurity support