The Null Device

Now this is ingenious: someone has devised a patch to the Linux kernel which allows you to essentially split a Linux box into several virtual servers, each with its own root user, process space, IP address space and such, all securely quarantined from each other. The applications include virtual servers (i.e., you can give people root on their own virtual servers on a machine without trusting them with the entire machine), virtual firewalls, testing/teaching environments and many more that people will undoubtedly come up with. (via Slashdot)
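The "security context" the post describes (separate root, separate process space, separate network stack) is what the mainline kernel later grew as namespaces. The following is an added example, not code from the post or from the patch it links to: a C program that, assuming a modern Linux with unprivileged user namespaces enabled, puts a child in its own PID and user namespace, maps the caller's uid to uid 0 inside it, and reports whether the child really is PID 1 and root only within that context.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (256 * 1024)
enum { SEES_PID1 = 1, SEES_UID0 = 2 }; /* bits reported back by the child */
static int go[2];                    /* pipe: parent -> child "uid map ready" */
/* Runs inside the new contexts and reports what the process sees there. */
static int isolated_child(void *arg) {
    char c; (void)arg;
    close(go[1]);
    if (read(go[0], &c, 1) != 1) return 0;   /* wait for the parent's uid_map write */
    int r = 0;
    if (getpid() == 1) r |= SEES_PID1;   /* first process of its own pid space */
    if (geteuid() == 0) r |= SEES_UID0;  /* "root", but only inside this context */
    return r;
}
static void write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY);
    if (fd >= 0) { if (write(fd, text, strlen(text)) < 0) perror(path); close(fd); }
}
/* Spawn a child in new user+pid namespaces (add CLONE_NEWNET for its own IP
   address space) and map the caller's uid to root inside them. Returns the
   child's SEES_* bits (3 = both), or -1 if this kernel or sandbox refuses
   unprivileged namespace creation. */
int spawn_isolated(void) {
    char path[64], map[64];
    char *stack = malloc(STACK_SIZE);
    if (!stack || pipe(go) != 0) { free(stack); return -1; }
    pid_t pid = clone(isolated_child, stack + STACK_SIZE,
                      CLONE_NEWUSER | CLONE_NEWPID | SIGCHLD, NULL);
    close(go[0]);
    if (pid == -1) { perror("clone"); close(go[1]); free(stack); return -1; }
    snprintf(path, sizeof path, "/proc/%d/setgroups", (int)pid);
    write_file(path, "deny");            /* required before an unprivileged gid_map */
    snprintf(path, sizeof path, "/proc/%d/uid_map", (int)pid);
    snprintf(map, sizeof map, "0 %d 1\n", (int)getuid()); write_file(path, map);
    snprintf(path, sizeof path, "/proc/%d/gid_map", (int)pid);
    snprintf(map, sizeof map, "0 %d 1\n", (int)getgid()); write_file(path, map);
    if (write(go[1], "x", 1) < 0) perror("pipe"); close(go[1]); /* release child */
    int status = 0; waitpid(pid, &status, 0); free(stack);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The uid 0 the child sees is mapped to the caller's ordinary uid outside, which is exactly the "root on your own virtual server without root on the machine" property the post describes; on a kernel or container that forbids unprivileged namespaces the function returns -1 instead of a partial result.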

There are 2 comments:

Posted by: Jimbob Thu Nov 8 01:57:10 2001

This does sound sweet... kind of turned Linux into a mainframe-style operating system. I can't think of any way I'd want to use it, but it's certainly pretty smart.

Posted by: acb Thu Nov 8 02:29:51 2001

Well, it costs little to use it (a process in its own security context has no more overhead than a process running normally; though chroot jails, as usual, require their own copies of filesystems). And if you need to run something as potentially buggy as sendmail or BIND (huge sources of security holes), you can run these in their own context, so if a cracker breaks in through them, they can't get at your machine proper (if it works as planned).

You could also run a firewall/gateway in a separate context, which would (in theory) be virtually as secure as a dedicated firewall machine, but a lot cheaper.