maus
response 25 of 27: Mark Unseen   Oct 19 04:51 UTC 2006

Well, after discussion with colleagues, the OS will be Solaris 10u1. The
box only has a single system board for the time being (unforeseen hits
to the budget precluded adding a satellite board), but I have confidence
in the reliability of this board and will keep a spare on hand just in
case. Virtual environments will be built from zones with basic
functionality coming from loop-mounted, read-only copies of the system
/bin /sbin /lib etc. 

Anyone have a V880 or V890 that they don't need anymore? I could run a
fairly large database on one of those and have plenty of muscle left to
run a whole slew of full-root zones. If I remember right, that one had
a standard configuration of 8 processors, 16 GBytes of RAM, 8
hard-drives, dual NICs and a combined LOM/remote-console-over-IP.
Inasmuch as computing resources can be sexy, that one is sexy.

Re: #24: In this instance, a jail is referring to one created with the
jail() or sysjail() facility, not simply a chroot() jail. The jail() or
sysjail() mechanisms make it very hard to escape, as they presume that
the contents will be running as root and are hostile. In addition to
pivoting the root of the filesystem, they also pivot the root of the
process tree and will not allow even root to jail(./..) or the like. 

http://sysjail.bsd.lv/ or
http://www.onlamp.com/pub/a/bsd/2006/03/09/jails-virtualization.html may
provide some interesting reading for the insomniac. 
gull
response 26 of 27: Mark Unseen   Oct 24 23:12 UTC 2006

Ah, gotcha.  I misunderstood and thought you were talking about a 
chroot()-style jail.
maus
response 27 of 27: Mark Unseen   Oct 25 16:06 UTC 2006

Nah. A chroot() jail would require giving the system root password to 
the users and would not allow them to have a truly isolated region. If 
one decided to be a prick, he could break out of his confinements and 
stomp on someone else. 