List Archive: gentoo-security
Running a chroot jailed service in a chroot jailed VM...cool xD<br><br>It's kind of redundant but I don't know if it's worthy.<br><br><div><span class="gmail_quote">On 11/3/06, <b class="gmail_sendername">Antoine Martin</b>
&lt;<a href="mailto:antoine@...">antoine@...</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> &lt;snip&gt;<br>><br>>> Nick made a post about minimizing Gentoo a while back.<br>>> But that topic was mainly about the disk usage.<br>>> I suppose you would benefit from a system that uses the -Os flag to
<br>Another useful approach is to use a custom disk image with just busybox<br>+ the software to run/test.<br><br>> Would a server in a VM actually be more secure than a server in a<br>> "hardened" chroot jail?
<br>IMO yes, but since you can have both...<br><br>> (though I'd guess that a hardened system would be the best basis for a<br>> server, VM or chroot; and the logical placement of a VM would be within<br>> a chroot jail?).
<br>A properly configured VM running in a hardened chroot is going to be<br>(almost) impossible to escape.<br><br>Note you can also contain your VMs with SELinux (both inside and out).<br>I've posted some pages on how to do this with UML here:
<br><a href="http://uml.nagafix.co.uk/SELinux/">http://uml.nagafix.co.uk/SELinux/</a><br><br>Antoine<br></blockquote></div><br>