I need to run NTP on a Xen dom0. (I'm running it in the dom0 in order to have all the Xen guests and host synchronized.) I'm concerned about remote code execution exploits via buffer overflows, for example. I have no experience with unprivileged LXCs yet.
Would it provide useful protection of the dom0 to run the NTP daemon in an LXC? Or should I not bother, because the daemon would have no lesser privileges anyway? I was trying to do this, but was encountering some conflicts with /proc/xen in starting the LXC. (I didn't encounter this in a domU.) _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
