Difference between revisions of "Security"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
m (Audit)
(add link to security report)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
For the project such as OpenVZ, security of the software is of paramount importance. This is how we assure that OpenVZ is secure.
+
For a project such as OpenVZ, security of the software is of paramount importance. Let's explain how we assure that OpenVZ is secure.
  
 
== Kernel ==
 
== Kernel ==
The OpenVZ kernel is based on the Linux kernel. OpenVZ team is tracking and analyzing all the security updates to the Linux kernel and applies them accordingly.
 
  
Note that current stable kernel branch is based on 2.6.8 kernel, which is quite old. This is done to achieve maximum possible security and stability. By using the older kernel, we do neither add new bugs nor security holes, but the old bugs and holes are getting discovered and fixed, and the kernel matures. Big vendors such as Novell and Red Hat are doing the same for their enterprise Linux offerings: for example, Red Hat Enterprise Linux 4 is based on kernel 2.6.9.
+
The OpenVZ kernel is based on the Linux kernel. The OpenVZ team tracks and analyzes all the security updates to the Linux kernel and applies them accordingly.
 +
 
 +
To achieve the maximum possible security and stability, stable OpenVZ kernels are based on Red Hat Enterprise Linux kernels, which are conservative and well-maintained. By using an enterprise kernel as a base (rather than latest vanilla kernel), we avoid adding new bugs or security holes, still the old ones are getting discovered and fixed, and the kernel matures.
  
 
== Audit ==
 
== Audit ==
OpenVZ has undergone a thourough security audit performed by Solar Designer in winter 2005. He found a single issue in OpenVZ kernel code and a couple of issues in mainstream Linux kernel code — all of them there fixed, mainstream fixes were sent to LKML.
+
 
 +
OpenVZ has undergone a thorough security audit, [https://lists.openvz.org/pipermail/users/2015-October/006563.html performed by Solar Designer] in winter 2005. He found a single issue in OpenVZ kernel code and a couple of issues in mainstream Linux kernel code — all of them were fixed, and the mainstream fixes were sent to the LKML.
  
 
[[Category: Security]]
 
[[Category: Security]]
 
[[Category: Kernel]]
 
[[Category: Kernel]]

Latest revision as of 10:02, 16 November 2015

For a project such as OpenVZ, security of the software is of paramount importance. Let's explain how we assure that OpenVZ is secure.

Kernel[edit]

The OpenVZ kernel is based on the Linux kernel. The OpenVZ team tracks and analyzes all the security updates to the Linux kernel and applies them accordingly.

To achieve the maximum possible security and stability, stable OpenVZ kernels are based on Red Hat Enterprise Linux kernels, which are conservative and well-maintained. By using an enterprise kernel as a base (rather than latest vanilla kernel), we avoid adding new bugs or security holes, still the old ones are getting discovered and fixed, and the kernel matures.

Audit[edit]

OpenVZ has undergone a thorough security audit, performed by Solar Designer in winter 2005. He found a single issue in OpenVZ kernel code and a couple of issues in mainstream Linux kernel code — all of them were fixed, and the mainstream fixes were sent to the LKML.