by regecks 4205 days ago
Er, seems odd to be using OpenVZ if security/hardening is what you're after.

The shared kernel is a larger attack surface compared to KVM or Xen, and the OpenVZ host admin can easily see/manipulate your running processes.

No hate for OpenVZ though, I've used it constantly for about 4 years, but it makes me nervous when it's discussed in a multi-tenant context.

2 comments

Why do you think a shared kernel is somehow more secure than a hypervisor?
Me? My point was that HV/PV virtualization is likely to be more secure than OpenVZ, sorry if it was unclear.
ah indeed.. security isn't my focus on those nodes, running a couple of test server applications.