-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> <snip>
>
>> Nick[1] made a post about minimizing Gentoo a while back.
>> But that topic was mainly about the disk usage.
>> I suppose you would benefit from a system that uses the -Os flag to
Another useful approach is to use a custom disk image with just busybox
+ the software to run/test.

> Would a server in a VM actually be more secure than a server in a
> "hardened" chroot jail?
IMO yes, but since you can have both...

> (though I'd guess that a hardened system would be the best basis for a
> server, VM or chroot; and the logical placement of a VM would be within
> a chroot jail?).
A properly configured VM running in a hardened chroot is going to be
(almost) impossible to escape.

Note you can also contain your VMs with SELinux (both inside and out).
I've posted some pages on how to do this with UML here:
http://uml.nagafix.co.uk/SELinux/

Antoine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFS3pBrTBrLRG7eDcRAhCcAKCD/WOug/w7B+GN8TsmABB5UQA0LQCeOG04
MEZwfrAf9Ie/1WXWsU5gfeg=
=VVh9
-----END PGP SIGNATURE-----
--
gentoo-security@g.o mailing list