[ale] Linode hacked, CCs and passwords leaked

Michael B. Trausch mbt at naunetcorp.com
Thu Apr 18 12:56:58 EDT 2013


LXC allows the creation of tun/tap devices, because it supports namespaces
in the network stack. I don't know if the packet filter is namespace aware
yet, though. Would be an interesting thing to discover, actually.

Mike Warfield, do you have the answer, perchance? You're still active with
LXC, yes?

On Apr 18, 2013 12:46 PM, "David Tomaschik" <david at systemoverlord.com> wrote:

> On Thu, Apr 18, 2013 at 8:55 AM, Michael B. Trausch <mbt at naunetcorp.com> wrote:
>
>> On 04/18/2013 01:50 AM, Wolf Halton wrote:
>> >
>> > I have been testing openvz servers for over a year. Work well for
>> > simple web services like drupal and less well for i/o-heavy apps like
>> > evergreen-ils.
>> >
>> It also stinks for applications in networking, since the user doesn't
>> (at least the last time I used it) get a dedicated networking stack.
>>
>> LXC provides a networking stack through the use of a network device
>> namespace for containers, and Xen/KVM simply emulate a full Ethernet
>> card, usually attached to a software bridge.
>>
>> I tried to use OpenVZ a long time ago because the management interface
>> on the setup I was working with wasn't bad, but then when I realized
>> that I couldn't bring in my IPv6 through a router running as a guest
>> there...
>>
>> — Mike
>>
>
> Oh yeah, I'd forgotten those details:  with OpenVZ (and probably LXC?) you
> can't configure iptables, as you're sharing a kernel.  You also can't use
> tun/tap interfaces, for the reasons Michael mentioned -- which means you
> can't run an OpenVPN server, for example.
>
> I've been using Xen or KVM VMs for so long that I forgot how much I
> dislike OpenVZ.  OpenVZ probably works well enough for some use cases for
> users who have control of the host (i.e., not VPSs.)
>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>

