List Archive: gentoo-security
Headers:
To: gentoo-hardened@g.o
From: "Javi Moreno" <vierito5@...>
Subject: Re: Re: [gentoo-security] Re: Mini Gentoo in VMWare
Date: Fri, 3 Nov 2006 18:38:24 +0100

Running a chroot jailed service in a chroot jailed VM...cool xD

It's kind of redundant but I don't know if it's worthy.

On 11/3/06, Antoine Martin <antoine@...> wrote:
> > <snip>
> >
> >> Nick[1] made a post about minimizing Gentoo a while back.
> >> But that topic was mainly about the disk usage.
> >> I suppose you would benefit from a system that uses the -Os flag to
>
> Another useful approach is to use a custom disk image with just busybox
> + the software to run/test.
>
> > Would a server in a VM actually be more secure than a server in a
> > "hardened" chroot jail?
>
> IMO yes, but since you can have both...
>
> > (though I'd guess that a hardened system would be the best basis for a
> > server, VM or chroot; and the logical placement of a VM would be within
> > a chroot jail?).
>
> A properly configured VM running in a hardened chroot is going to be
> (almost) impossible to escape.
>
> Note you can also contain your VMs with SELinux (both inside and out).
> I've posted some pages on how to do this with UML here:
> http://uml.nagafix.co.uk/SELinux/
>
> Antoine
Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
