Difference between revisions of "Security"
DanielQuinn (talk | contribs) m (→Audit) |
(2.6.18, not 2.6.8; minor grammar/spelling throughout) |
||
| Line 1: | Line 1: | ||
| − | For | + | For a project such as OpenVZ, security of the software is of paramount importance. This is how we assure that OpenVZ is secure. |
== Kernel == | == Kernel == | ||
| − | The OpenVZ kernel is based on the Linux kernel. OpenVZ team | + | The OpenVZ kernel is based on the Linux kernel. The OpenVZ team tracks and analyzes all the security updates to the Linux kernel and applies them accordingly. |
| − | Note that current stable kernel branch is based on 2.6. | + | Note that the current stable kernel branch is based on the 2.6.18 kernel, which is quite old. This is done to achieve the maximum possible security and stability. By using an older kernel, we avoid adding new bugs or security holes, but the old bugs and holes are getting discovered and fixed, and the kernel matures. Big vendors such as Novell and Red Hat do the same for their enterprise Linux offerings: for example, Red Hat Enterprise Linux 4 is based on kernel 2.6.9. |
== Audit == | == Audit == | ||
| − | OpenVZ has undergone a | + | OpenVZ has undergone a thorough security audit, performed by Solar Designer in winter 2005. He found a single issue in OpenVZ kernel code and a couple of issues in mainstream Linux kernel code — all of them were fixed, and the mainstream fixes were sent to the LKML. |
[[Category: Security]] | [[Category: Security]] | ||
[[Category: Kernel]] | [[Category: Kernel]] | ||
Revision as of 21:41, 20 May 2010
For a project such as OpenVZ, security of the software is of paramount importance. This is how we assure that OpenVZ is secure.
Kernel
The OpenVZ kernel is based on the Linux kernel. The OpenVZ team tracks and analyzes all the security updates to the Linux kernel and applies them accordingly.
Note that the current stable kernel branch is based on the 2.6.18 kernel, which is quite old. This is done to achieve the maximum possible security and stability. By using an older kernel, we avoid adding new bugs or security holes, but the old bugs and holes are getting discovered and fixed, and the kernel matures. Big vendors such as Novell and Red Hat do the same for their enterprise Linux offerings: for example, Red Hat Enterprise Linux 4 is based on kernel 2.6.9.
Audit
OpenVZ has undergone a thorough security audit, performed by Solar Designer in winter 2005. He found a single issue in OpenVZ kernel code and a couple of issues in mainstream Linux kernel code — all of them were fixed, and the mainstream fixes were sent to the LKML.
