Gentoo Forums
Filesystem question [unsolved]
LIsLinuxIsSogood
Posted: Sun Aug 04, 2019 5:02 am

By the way, in case I run into some other problems later like security, network, graphical interface, etc.: would User-Mode Linux provide any differences for the better over a chroot for the purpose of isolating user accounts, applications/services, etc. from one another?
Hu
Posted: Sun Aug 04, 2019 3:55 pm

Some directory, which may or may not be the root directory, is stored on /dev/mapper/centos_reznik-root and is bind-mounted to /var/tmp. If this directory is /var/tmp on the CentOS root, then this is reasonable.

I would prefer well-configured containers over UML, though UML may provide better isolation. A key question you need to consider is whether you are using this isolation to prevent accidents or to confine rogue processes that may actively try to escape their isolation.
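Added example (not from either poster): a way to answer Hu's "which directory is bind-mounted to /var/tmp" question from /proc/self/mountinfo, whose fourth field names the directory on the source filesystem that forms the root of each mount. The mountinfo lines, device name and paths below are constructed sample data, not output from the original poster's host.

```shell
# Added example: read /proc/self/mountinfo and report, for a mount point,
# which directory of the backing device is mounted there. A root field of
# "/" means the whole filesystem; anything else is a bind mount of a
# subdirectory. Constructed sample table (not real host output); the
# device name and paths are placeholders chosen to match the thread.
SAMPLE_MOUNTINFO='24 1 253:0 / / rw,relatime - xfs /dev/mapper/centos_reznik-root rw
37 24 253:0 /var/tmp /var/tmp rw,relatime - xfs /dev/mapper/centos_reznik-root rw
38 24 253:0 /srv/build /mnt/gentoo/var/tmp rw,relatime - xfs /dev/mapper/centos_reznik-root rw'

# bind_root MOUNTPOINT < mountinfo
# Prints "SOURCE ROOTDIR" for the mount at MOUNTPOINT, nothing if absent.
# Fields: id parent major:minor root mount_point options [optional...] - fstype source superopts
# Optional fields (e.g. shared:N) may precede the "-" separator, so scan for it.
bind_root() {
    awk -v mp="$1" '
        $5 == mp {
            for (i = 7; i <= NF; i++) if ($i == "-") { print $(i+2), $4; exit }
        }'
}

# describe_mount MOUNTPOINT < mountinfo
# Human-readable verdict: whole filesystem or a subdirectory bind mount.
describe_mount() {
    out=$(bind_root "$1")
    [ -n "$out" ] || { echo "$1: not a mount point in the given table"; return 1; }
    src=${out%% *}; root=${out#* }
    if [ "$root" = "/" ]; then
        echo "$1: whole filesystem on $src"
    else
        echo "$1: directory $root of $src (bind mount)"
    fi
}

# Against a live host you would run: describe_mount /var/tmp < /proc/self/mountinfo
# (mountinfo escapes spaces in paths as \040; the sample has none.)
printf '%s\n' "$SAMPLE_MOUNTINFO" | describe_mount /var/tmp
printf '%s\n' "$SAMPLE_MOUNTINFO" | describe_mount /mnt/gentoo/var/tmp
```

For the sample table this reports /var/tmp as a bind mount of the /var/tmp directory on the device, and /mnt/gentoo/var/tmp as a bind mount of /srv/build, which is the distinction Hu's reply turns on.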
LIsLinuxIsSogood
Posted: Sun Aug 04, 2019 11:42 pm

Hu, I would have to check, because as far as I know the only mount in the root filesystem going to the root filesystem shouldn't be to anything in /var at all, but simply to /.

I can paste the mount output from the host operating system shortly.

I just started reading about systemd's container feature. For now I agree that containers might present a better solution, which is sort of an answer in itself to your question, since I also agree that isolation from writes to the filesystem and preventing rogue processes are priorities. It seems systemd has this "protection" built in, at least to the extent that I would not purposefully be navigating around it to screw with the host system. Of course, if the virtual machine stuff works fast enough, I will give it a try as well.