-----Original Message-----
From: Ingo Boernig [mailto:ingo@boernig.de]
Sent: Thursday, 20 January 2005 10:09 p.m.

SUSE already has implemented server virtualization via UML (User Mode Linux) in SLES9.

True. How *secure* is UML though? Last I heard it was more of a tool for playing around with kernel changes, etc. Has that changed? I guess I'll go read up on the current state of UML!

At the moment I am using the third-party Linux Vserver (http://www.linux-vserver.org/) patches to add separate "contexts" whereby a process running in a particular context can see only the processes in the same context, can use only the IP address assigned to that context, and is blocked from doing things such as making new device nodes (note: even if it's running as root!). It also adds stuff like a strengthened chroot and the ability to irrevocably limit kernel capabilities on a per-Vserver basis.

The other advantage of the vserver patches is that only one copy of the kernel is running, hence less overhead than something like UML (which runs two copies?). However I don't think Oracle would be happy running on a vanilla 2.4.28 kernel + vserver patches, hence why we use SLES 8!!