As OpenVZ runs on a lot of virtual servers, I would like to know how kernel exploits would affect the whole system. Would it be possible to break out of an OpenVZ container (virtuozzo, etc) with a kernel exploit?
OpenVZ containers do not have their own kernels. In OpenVZ, there is only one kernel for the host OS and all of the containers. Successfully exploiting that kernel from within a container means potential impact to the OpenVZ host and all of its containers. If you want to avoid this vulnerability, you need a real hypervisor that boots an independent kernel for each virtual machine.
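The practical follow-up for a defender is to find out whether a given workload is sitting on a shared kernel at all, and then to treat that kernel's patch level as the control that matters. The script below is an added example written for this answer, not code from the original post or from the OpenVZ project. It assumes three OpenVZ kernel conventions: `/proc/vz` and `/proc/user_beancounters` are exported on OpenVZ kernels, `/proc/bc` is exported only in the host (CT0) context, and `/proc/self/status` carries an `envID:` line that is 0 on the host and non-zero inside a container. It also assumes the `2.6.32-042stabNNN.M` release-string layout used by the stable OpenVZ kernels when comparing versions; other kernels fall back to a plain major.minor.patch comparison. The sample inputs in `demo()` are constructed.

```python
import os
import re
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class IsolationReport:
    kind: str                      # "openvz-host", "openvz-container" or "unknown"
    shared_kernel: Optional[bool]  # True: a kernel bug here reaches every tenant; None: undetermined
    kernel: str                    # running kernel release string


# Assumed OpenVZ markers (see lead-in); adjust if your kernel exports different paths.
OPENVZ_MARKERS = ("/proc/vz", "/proc/user_beancounters")
HOST_ONLY_MARKER = "/proc/bc"
ENV_ID_RE = re.compile(r"^envID:\s*(\d+)\s*$", re.MULTILINE)


def classify(present_paths: Iterable[str], self_status: str, kernel_release: str) -> IsolationReport:
    """Decide whether this context shares its kernel with other OpenVZ tenants."""
    present = set(present_paths)
    match = ENV_ID_RE.search(self_status)
    env_id = int(match.group(1)) if match else None

    has_openvz_marker = any(p in present for p in OPENVZ_MARKERS)
    if not has_openvz_marker and env_id is None:
        # Not an OpenVZ kernel as far as we can tell; other container runtimes
        # (LXC, Docker) also share a kernel, so do not report "isolated" here.
        return IsolationReport("unknown", None, kernel_release)

    if env_id == 0 or HOST_ONLY_MARKER in present:
        return IsolationReport("openvz-host", True, kernel_release)
    return IsolationReport("openvz-container", True, kernel_release)


def classify_live() -> IsolationReport:
    """Run the same classification against the machine this script runs on."""
    candidates = list(OPENVZ_MARKERS) + [HOST_ONLY_MARKER]
    present = [p for p in candidates if os.path.exists(p)]
    try:
        with open("/proc/self/status") as fh:
            status = fh.read()
    except OSError:
        status = ""
    return classify(present, status, os.uname().release)


RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-0*(\d+)stab(\d+)\.(\d+))?")


def parse_release(release: str) -> tuple:
    """Turn '2.6.32-042stab127.2' into (2, 6, 32, 42, 127, 2); plain kernels get zeros."""
    match = RELEASE_RE.match(release)
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def kernel_older_than(running: str, minimum: str) -> bool:
    """True when the running kernel predates the baseline an operator requires."""
    return parse_release(running) < parse_release(minimum)


def demo() -> dict:
    """Constructed inputs showing the three outcomes; the baseline is a placeholder."""
    container = classify(
        ["/proc/vz", "/proc/user_beancounters"],
        "Name:\tbash\nenvID:\t101\n",
        "2.6.32-042stab127.2",
    )
    host = classify(
        ["/proc/vz", "/proc/user_beancounters", "/proc/bc"],
        "Name:\tbash\nenvID:\t0\n",
        "2.6.32-042stab127.2",
    )
    plain = classify([], "Name:\tbash\n", "5.15.0-91-generic")
    needs_patch = kernel_older_than(container.kernel, "2.6.32-042stab128.1")  # placeholder baseline
    return {"container": container, "host": host, "plain": plain, "needs_patch": needs_patch}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    print("live:", classify_live())
```

Inside a container the only meaningful remediation is on the host side: the report tells you the blast radius is the whole node, and `kernel_older_than` lets an inventory job flag nodes whose shared kernel is behind the baseline you have set.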