[CentOS] ESXi, KVM or Xen?
Emmanuel Noobadmin
centos.admin at gmail.com
Sat Jul 3 16:15:50 UTC 2010
On 7/3/10, David McGuffey <davidmcguffey at verizon.net> wrote:
> As I understand it each VM under kvm has a different SELinux context.
> Breaking into one VM doesn't give you the context to manipulate another.
> One would have to go back out through the network to attack the next
> VM...and if you have decent logging and IDS the noise should be
> seen/detected.
>
> I went with kvm specifically because it is integrated into SELinux.

In theory that sounds great and would have covered the security concern part. But my own experience with SELinux has basically been well less than positive. When I first knew about it 2 years ago on my first install of CentOS, it just made things really difficult, and even when it worked, setroubleshootd ended up sucking up memory and lagging the system, making it extremely difficult to even view the SE event log to try to figure out what happened.

Maybe it's just my noobness then, so I'll give it another try with leaving SELinux enforcing instead of permissive.
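
An added example, not part of the original message: a check of the per-VM context claim quoted above, flagging guest processes that run outside an sVirt domain or that share an MCS level with another guest. It assumes `ps -eZ` style input, the `svirt_t`/`svirt_tcg_t` domain types and the `qemu-kvm` process name; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `ps -eZ` output; not taken from a real host.
SAMPLE_PS = """\
LABEL                                    PID TTY      TIME     CMD
system_u:system_r:svirt_t:s0:c107,c434   2101 ?       00:10:02 qemu-kvm
system_u:system_r:svirt_t:s0:c212,c880   2188 ?       00:07:41 qemu-kvm
system_u:system_r:svirt_t:s0:c107,c434   2302 ?       00:01:15 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2410 pts/0 00:00:09 qemu-kvm
system_u:system_r:virtd_t:s0-s0:c0.c1023 1500 ?       00:00:30 libvirtd
"""

# Assumptions: domain types used for confined guests, and guest process names.
GUEST_TYPES = {"svirt_t", "svirt_tcg_t"}
GUEST_CMDS = {"qemu-kvm", "qemu-system-x86_64"}
# user:role:type:level, where the level itself may contain ':' (s0:c1,c2).
LABEL_RE = re.compile(r"^[^:]+:[^:]+:(?P<type>[^:]+):(?P<level>\S+)$")


def audit_guest_labels(ps_output):
    """Return (not_confined, shared_levels) for guest processes.

    not_confined:  [(pid, label)] guests not running in an sVirt domain.
    shared_levels: {level: [pids]} MCS levels used by more than one guest,
                   which means those guests are not separated by MCS.
    """
    not_confined = []
    by_level = defaultdict(list)
    for line in ps_output.splitlines():
        fields = line.split(None, 4)  # LABEL PID TTY TIME CMD
        if len(fields) < 5 or fields[4].split()[0] not in GUEST_CMDS:
            continue  # header, short line, or not a guest process
        label, pid = fields[0], int(fields[1])
        m = LABEL_RE.match(label)
        if not m or m.group("type") not in GUEST_TYPES:
            not_confined.append((pid, label))
            continue
        by_level[m.group("level")].append(pid)
    shared = {lvl: pids for lvl, pids in by_level.items() if len(pids) > 1}
    return not_confined, shared


if __name__ == "__main__":
    unconfined, shared = audit_guest_labels(SAMPLE_PS)
    for pid, label in unconfined:
        print(f"guest pid {pid} is not in an sVirt domain: {label}")
    for level, pids in shared.items():
        print(f"MCS level {level} is shared by guest pids {pids}")
```

On a live host the input would come from `ps -eZ`; an empty result for both lists is what the quoted description of per-VM contexts predicts.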