Using UML or chroot for multiple daemons
I am debating whether to install UserModeLinux to run virtual machines to take care of running multiple daemons/servers. I am planning to run about 4 different services: shell server, remote X server, email, and Apache. Running these as jailed processes on UML seems like an attractive idea, but according to others, chrooting each of the respective services seems to be a viable option. Another concern of mine is security, which led me to question whether to use UML or chroot in the first place. If an attacker successfully exploits a service within a UML, they cannot harm the host system. If an attacker successfully exploits a chrooted service, they are still on the host machine, leaving many more options open for privilege escalation. If anyone has any experience in either, please inform me.