* Posts by zeigerpuppy

3 publicly visible posts • joined 12 Feb 2019

A path out of bloat: A Linux built for VMs

zeigerpuppy

Plan9 file-system works nicely with KVM. We use it in our Linux (Devuan) based hypervisors for data volumes...

Strong points are the permission mapping (possible per-VM on same share) and ease of use. It's great to back the volume with a ZFS dataset in the hypervisor...

However, 9pfs is less suited to certain workloads. In particular, it has poor database storage compatibility and suffers from very poor small-file performance (if sync writes are needed).

In KVM, virtiofs is much more performant...

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

zeigerpuppy

They only did half the job...

The FBI would do better to uninstall Exchange altogether and replace it with Postfix/Dovecot.

Patch this run(DM)c Docker flaw or you be illin'... Tricky containers can root host boxes. It's like that – and that's the way it is

zeigerpuppy

kata-containers

This is a reminder to think of ways to lock down Docker. For instance, it's possible to run Docker containers with higher security by using an alternative runtime to runc.

Kata containers are a great example of this, and for most containers no extra configuration is needed: just install and update the available runtimes in the Docker config.

See https://github.com/kata-containers/runtime