Gentoo Archives: gentoo-security

From: Antoine Martin <antoine@××××××××××.uk>
To: gentoo-security@l.g.o
Cc: "gentoo-hardened@l.g.o" <gentoo-hardened@l.g.o>
Subject: Re: [gentoo-security] Re: Mini Gentoo in VMWare
Date: Fri, 03 Nov 2006 17:28:08
In Reply to: [gentoo-security] Re: Mini Gentoo in VMWare by 7v5w7go9ub0o <>
Hash: SHA1

> <snip> > >> Nick[1] made a post about minimizing Gentoo a while back. >> But that topic was mainly about the disk usage. >> I suppose you would benefit from a system that uses the -Os flag to
Another useful approach is to use a custom disk image with just busybox + the software to run/test.
> Would a server in a VM actually be more secure than a server in a > "hardened" chroot jail?
IMO yes, but since you can have both...
> (though I'd guess that a hardened system would be the best basis for a > server, VM or chroot; and the logical placement of a VM would be within > a chroot jail?).
A properly configured VM running in a hardened chroot is going to be (almost) impossible to escape. Note you can also contain your VMs with SELinux (both inside and out). I've posted some pages on how to do this with UML here: Antoine -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFFS3pBrTBrLRG7eDcRAhCcAKCD/WOug/w7B+GN8TsmABB5UQA0LQCeOG04 MEZwfrAf9Ie/1WXWsU5gfeg= =VVh9 -----END PGP SIGNATURE----- -- gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-hardened] Re: [gentoo-security] Re: Mini Gentoo in VMWare Javi Moreno <vierito5@×××××.com>