Gentoo Archives: gentoo-security

From: Javi Moreno <vierito5@×××××.com>
To: gentoo-hardened@l.g.o
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-hardened] Re: [gentoo-security] Re: Mini Gentoo in VMWare
Date: Fri, 03 Nov 2006 17:47:55
Message-Id: 4d192b620611030938p715485f4pa3777e5a0649b68d@mail.gmail.com
In Reply to: Re: [gentoo-security] Re: Mini Gentoo in VMWare by Antoine Martin
Running a chroot jailed service in a chroot jailed VM...cool xD

It's kind of redundant but I don't know if it's worthy.

On 11/3/06, Antoine Martin <antoine@××××××××××.uk> wrote:
>
>
> > <snip>
> >
> >> Nick[1] made a post about minimizing Gentoo a while back.
> >> But that topic was mainly about the disk usage.
> >> I suppose you would benefit from a system that uses the -Os flag to
> Another useful approach is to use a custom disk image with just busybox
> + the software to run/test.
>
> > Would a server in a VM actually be more secure than a server in a
> > "hardened" chroot jail?
> IMO yes, but since you can have both...
>
> > (though I'd guess that a hardened system would be the best basis for a
> > server, VM or chroot; and the logical placement of a VM would be within
> > a chroot jail?).
> A properly configured VM running in a hardened chroot is going to be
> (almost) impossible to escape.
>
> Note you can also contain your VMs with SELinux (both inside and out).
> I've posted some pages on how to do this with UML here:
> http://uml.nagafix.co.uk/SELinux/
>
> Antoine