List Archive: gentoo-security
>> Basically what I want to do is create a series of VERY tiny VMs that
>> are all independent of each other, which provide one service. For
>> instance, I might put apache on one VM, and tomcat on another, and so
>> on. Obviously, I would want their memory usage to be absolutely
>> minimized, seeing that I would like to run them all on one computer.
>> I would probably provide them 64M-128M of RAM each, for their specific
>> service. Perhaps a little more if really required.
Lots of interest in VMs lately - Is this to increase security (isolating
servers and components in case one is compromised)? Or perhaps you are
isolating components for the purpose of evaluating them?
> Nick made a post about minimizing Gentoo a while back.
> But that topic was mainly about the disk usage.
> I suppose you would benefit from a system that uses the -Os flag to
> But do you think vmware is fit for such a task?
> vmware is a big strain on resources itself.
> You might want to have a look at xen instead.
>  http://thread.gmane.org/gmane.linux.gentoo.user/160899/focus=160903
>  http://www.xensource.com/xen/xen/index.html
Presuming that one is seeking greater security, how does xen compare with
vmware in that regard?
Would a server in a VM actually be more secure than a server in a
"hardened" chroot jail?
(though I'd guess that a hardened system would be the best basis for a
server, VM or chroot; and the logical placement of a VM would be within a