building kernels

In another thread, bji said:

> No, you cannot load your own kernel modules. Allowing a Linode to modify the kernel in any way (including loading modules) would be a serious security problem for the Linode host. If you were able to load a kernel module, you would be able to force the host system to run arbitrary code. This is not allowed.

Is this true? I was under the impression that user-mode linux created a "sandbox" for the individual virtual servers that we have here.

If we can build our own kernels, does anyone know what's running in the debian distro? Are there any non-standard patches?

Thanks…

2 Replies

@astrashe:

> I was under the impression that user-mode linux created a "sandbox" for the individual virtual servers that we have here.

It still isn't secure to allow the execution of arbitrary code in the UML kernel space.

@astrashe:

> If we can build our own kernels, does anyone know what's running in the debian distro? Are there any non-standard patches?

Only caker's kernels get to run, and they are the same whichever distro you choose. The patches from vanilla code are shown here: http://www.linode.com/support/kernels.cfm. The only really non-standard stuff relates to a token bucket filter/limiter around the UML async UBD driver to stop one Linode hogging all the disk i/o capacity on the host. See here: http://www.linode.com/forums/viewtopic.php?t=790

Thanks, that's very helpful. I appreciate the information.
