Gentoo Archives: gentoo-security

Subject: [gentoo-security] Re: Mini Gentoo in VMWare
Date: Fri, 03 Nov 2006 17:13:29

>> Basically what I want to do is create a series of VERY tiny VMs that
>> are all independent of each other, which provide one service. For
>> instance, I might put apache on one VM, and tomcat on another, and so
>> on. Obviously, I would want their memory usage to be absolutely
>> minimized, seeing that I would like to run them all on one computer.
>> I would probably provide them 64M-128M of RAM each, for their specific
>> service. Perhaps a little more if really required.

Lots of interest in VMs lately - Is this to increase security (isolating
servers and components in case one is compromised)? Or perhaps you are
isolating components for the purpose of evaluating them?

<snip>

> Nick[1] made a post about minimizing Gentoo a while back.
> But that topic was mainly about the disk usage.
> I suppose you would benefit from a system that uses the -Os flag to

<snip>

> But do you think vmware is fit for such a task?
> vmware is a big strain on resources itself.
> You might want to have a look at xen[2] instead.
>
> [1]
> [2]

Presuming that one is seeking greater security, how does xen compare with
vmware in that regard?

Would a server in a VM actually be more secure than a server in a
"hardened" chroot jail?

(though I'd guess that a hardened system would be the best basis for a
server, VM or chroot; and the logical placement of a VM would be within a
chroot jail?).

TIA
