Gentoo Archives: gentoo-security

From: Javi Moreno <vierito5@×××××.com>
To: gentoo-hardened@l.g.o
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-hardened] Re: [gentoo-security] Re: Mini Gentoo in VMWare
Date: Fri, 03 Nov 2006 17:47:55
In Reply to: Re: [gentoo-security] Re: Mini Gentoo in VMWare by Antoine Martin

Running a chroot jailed service in a chroot jailed xD

It's kind of redundant but I don't know if it's worth it.

On 11/3/06, Antoine Martin <antoine@××××××××××.uk> wrote:
> <snip>
>
> >> Nick[1] made a post about minimizing Gentoo a while back.
> >> But that topic was mainly about the disk usage.
> >> I suppose you would benefit from a system that uses the -Os flag to
> Another useful approach is to use a custom disk image with just busybox
> + the software to run/test.
>
> > Would a server in a VM actually be more secure than a server in a
> > "hardened" chroot jail?
> IMO yes, but since you can have both...
>
> > (though I'd guess that a hardened system would be the best basis for a
> > server, VM or chroot; and the logical placement of a VM would be within
> > a chroot jail?).
> A properly configured VM running in a hardened chroot is going to be
> (almost) impossible to escape.
>
> Note you can also contain your VMs with SELinux (both inside and out).
> I've posted some pages on how to do this with UML here:
>
> Antoine