List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
-----BEGIN PGP SIGNED MESSAGE-----
>> Nick made a post about minimizing Gentoo a while back.
>> But that topic was mainly about the disk usage.
>> I suppose you would benefit from a system that uses the -Os flag to
Another useful approach is to use a custom disk image with just busybox
+ the software to run/test.
> Would a server in a VM actually be more secure than a server in a
> "hardened" chroot jail?
IMO yes, but since you can have both...
> (though I'd guess that a hardened system would be the best basis for a
> server, VM or chroot; and the logical placement of a VM would be within
> a chroot jail?).
A properly configured VM running in a hardened chroot is going to be
(almost) impossible to escape.
Note you can also contain your VMs with SELinux (both inside and out).
I've posted some pages on how to do this with UML here:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
firstname.lastname@example.org mailing list