Encryption "against" vzctl enter

mpkossen Member
edited January 2013 in General

I was wondering the following: if you encrypt your home directory on an OpenVZ virtual machine, will the physical machine owner still be able to see the files when he/she vzctl enters the machine? I would assume so, but I'm not sure and I don't have an environment to test it on easily.

Comments

  • Yes, he would see it.
    You could try to screw the admin though. Vzctl enter executes /bin/bash inside the container; if you remove, patch, or replace /bin/bash with a fake one, you could make the admin see ghosts.
    He can still read your files though - in /vz/root/XXXX

  • Maounique Host Rep, Veteran

    The admin can still see the files, yet will not be able to read them. Making an encrypted container and putting it there will not give the admin the chance to read the containing FS.

  • jh Member

    If you need any real level of privacy you need your own building. If your budget is below that then the best you can do is establish a relationship of trust with your provider IMHO.

  • As much as I enjoy pointing out the obvious...

    How about not using ovz?

  • raindog308 Administrator, Veteran

    The admin controls the kernel and the physical layer. Game over.

  • Well... if you have FUSE permissions inside the CT, you could probably mount some encrypted FS, like EncFS or MetFS. It will be secured while unmounted if you keep your encryption key private. But while it is mounted, not only you but the HN admin too could access your files inside. I.e. it still cannot offer true privacy.
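
The mounted-versus-unmounted distinction in the comment above can be checked from inside the container. This is an added example, not part of the original thread: it reads a mounts table in `/proc/mounts` format and reports every EncFS volume whose plaintext view is currently live. The function names and the sample table are constructed for illustration, and it assumes EncFS mounts appear with filesystem type `fuse.encfs`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the mount point of every mounted EncFS volume.
# $1: mounts table in /proc/mounts format ("-" = stdin), default /proc/mounts.
# Fields: device mountpoint fstype options dump pass
encfs_live_mounts() {
    awk '$3 == "fuse.encfs" { print $2 }' "${1:-/proc/mounts}"
}

# Succeeds if the FUSE character device exists, i.e. the provider
# has enabled FUSE for this container.
fuse_available() {
    [ -c "${1:-/dev/fuse}" ]
}

# One line per exposed volume, or SEALED when only ciphertext is on disk.
exposure_report() {
    live=$(encfs_live_mounts "$1")
    if [ -n "$live" ]; then
        for m in $live; do
            echo "EXPOSED $m"
        done
    else
        echo "SEALED"
    fi
}

# Constructed sample of an OpenVZ container's mounts table with one
# EncFS volume mounted.
sample_mounts() {
    cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
encfs /home/user/private fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
EOF
}

# Demonstration on the constructed sample.
sample_mounts | exposure_report -
```

Running `exposure_report` with no argument checks the real `/proc/mounts`; an `EXPOSED` line means the decrypted files are readable by anyone who can enter the container at that moment.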

  • @Cirium said: As much as I enjoy pointing out the obvious...

    How about not using ovz?

    I know, it's just that I have a spare one lying around that I'd like to make use of :) It'll all be easier with KVM. I may still consider going that way. Just want to know my options with OpenVZ.

    I realize complete security wouldn't be achieved. It's not that I'm saving financial records or something critical. There's just data that I don't want easily accessible by an HN admin (nothing weird or illegal, by the way).
