[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] UML as security layer and for server consolidation



User-Mode Linux  as security layer and for server consolidation?

Due to lack of sufficient machines to provide all services i have to offer
to my network participants i wonder wether it is a good idea to encapsulate
each service (as e.g. kerberos,ldap,bind,mail,dhcp,samba) in several UMLl
environments with own filesystem for each and to duplicate this box with
heartbeat and drbd (or something like that) for high(er) availability.

(sorry for that long sentence)

What do you think? Are these services strongly separated doing that way
or can an attacker control whole system by compromising only one
uml-provided service to easy (when I follow all security rules while setting
up each subsystem and isolating UML instances using iptables on base
system)?

Thx in advance

Michael



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here