| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
> <snip> |
| 5 |
> |
| 6 |
>> Nick[1] made a post about minimizing Gentoo a while back. |
| 7 |
>> But that topic was mainly about the disk usage. |
| 8 |
>> I suppose you would benefit from a system that uses the -Os flag to |
| 9 |
Another useful approach is to use a custom disk image with just busybox |
| 10 |
+ the software to run/test. |
| 11 |
|
| 12 |
> Would a server in a VM actually be more secure than a server in a |
| 13 |
> "hardened" chroot jail? |
| 14 |
IMO yes, but since you can have both... |
| 15 |
|
| 16 |
> (though I'd guess that a hardened system would be the best basis for a |
| 17 |
> server, VM or chroot; and the logical placement of a VM would be within |
| 18 |
> a chroot jail?). |
| 19 |
A properly configured VM running in a hardened chroot is going to be |
| 20 |
(almost) impossible to escape. |
| 21 |
|
| 22 |
Note you can also contain your VMs with SELinux (both inside and out). |
| 23 |
I've posted some pages on how to do this with UML here: |
| 24 |
http://uml.nagafix.co.uk/SELinux/ |
| 25 |
|
| 26 |
Antoine |
| 27 |
-----BEGIN PGP SIGNATURE----- |
| 28 |
Version: GnuPG v1.4.5 (GNU/Linux) |
| 29 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 30 |
|
| 31 |
iD8DBQFFS3pBrTBrLRG7eDcRAhCcAKCD/WOug/w7B+GN8TsmABB5UQA0LQCeOG04 |
| 32 |
MEZwfrAf9Ie/1WXWsU5gfeg= |
| 33 |
=VVh9 |
| 34 |
-----END PGP SIGNATURE----- |
| 35 |
-- |
| 36 |
gentoo-hardened@g.o mailing list |
Archives