27 Mar
2011
27 Mar
'11
10:26 p.m.
Well.. eh. as you might know that virtuozzo/openvz does not provide kernel isolation. Mainly this means than one kernel exploit can provide full access to all openvz/virtuozzo containers.
The same is true for solutions like vmware. Just google for all the "blue pill" talks. It's a theoretical risk that is small enough to be irrelevant.
WebServers running buggy php software provides (easy) way to execute local kernel exploits.
-- Eero