Gentoo Archives: gentoo-security

From: 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>
Cc: "gentoo-hardened@l.g.o" <gentoo-hardened@l.g.o>, "gentoo-security@l.g.o" <gentoo-security@l.g.o>
Subject: [gentoo-security] Re: Mini Gentoo in VMWare
Date: Fri, 03 Nov 2006 17:13:29
>> Basically what I want to do is create a series of VERY tiny VMs that >> are all independent of each other, which provide one service. For >> instance, I might put apache on one VM, and tomcat on another, and so >> on. Obviously, I would want their memory usage to be absolutely >> minimized, seeing that I would like to run them all on one computer. >> I would probably provide them 64M-128M of RAM each, for their specific >> service. Perhaps a little more if really required.
Lots of interest in VMs lately - Is this to increase security (isolating servers and components in case one is compromised)? Or perhaps you are isolating components for the purpose of evaluating them? <snip>
> Nick[1] made a post about minimizing Gentoo a while back. > But that topic was mainly about the disk usage. > I suppose you would benefit from a system that uses the -Os flag to
> But do you think vmware is fit for such a task? > vmware is a big strain on resources itself. > You might want to have a look at xen[2] instead. > > [1] > [2]
Presuming that one is seeking greater security, how does xen compare with vmware in that regard? Would a server in a VM actually be more secure than a server in a "hardened" chroot jail? (though I'd guess that a hardened system would be the best basis for a server, VM or chroot; and the logical placement of a VM would be within a chroot jail?). TIA -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Re: Mini Gentoo in VMWare Antoine Martin <antoine@××××××××××.uk>
Re: [gentoo-security] Re: Mini Gentoo in VMWare "Brian G. Peterson" <brian@×××××××××.com>
Re: [gentoo-security] Re: Mini Gentoo in VMWare Kevin van Haaren <kevin@×××××××××.net>