As you see fit :)
PS: I tried searching for the quote, but it seems you didn't manage to copy it exactly.
My guess is that you mean this:
http://hup.hu/node/89202#comment-1057149
On that point I maintain to this day that it is irresponsible to run a service with higher priorities than necessary just because, in theory, the other service can protect it.
Except when it can't, e.g. http://www.securityfocus.com/bid/40399, and the jail cannot/will not protect against kernel bugs.
Jails are a lightweight form of virtualization/containment premised on a shared kernel across protection domains--this means that a kernel vulnerability may allow access between protection domains. If your environment requires you to tolerate a kernel vulnerability, then you will need a non-kernel based virtualization system. Note that a very similar kind of reasoning applies to using hypervisors (such as Xen, VirtualBox, VMWare, etc) and vulnerabilities they might have: if you need to be able to tolerate a hypervisor vulnerability and maintain protection between two machines, then you can't use a hypervisor to keep them separate.
Tyrael