Gentoo Archives: gentoo-user

From: Bill Longman <bill.longman@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
Date: Mon, 16 Aug 2010 16:25:51
Message-Id: 4C69663F.1060708@gmail.com
In Reply to: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?] by Jarry

On 08/16/2010 09:07 AM, Jarry wrote:
> On 16. 8. 2010 17:29, Mark Knecht wrote:
>> On Mon, Aug 16, 2010 at 7:16 AM, Bill Longman<bill.longman@×××××.com>:
>>>>
>>>> That is why I picked up Linux-VServer (actually, first I tried
>>>> OpenVZ but could not make it run). It is a kind of compromise,
>>>> where all guests share the same kernel. This brings certain
>>>> security implications, but on the other side, I can run dozens
>>>> of guests on a moderate machine, with 4-cores and 8GB memory
>>>> (i.e. a guest running bind takes just about 20MB of memory)...
>>>
>>> This looks rather interesting, Jarry. Is it simply a matter of compiling
>>> the vserver-sources and util-vserver? Did it take much time to set up
>>> the kernel for your box? Or is it pretty much a typical kernel setup?
>>> Any good tools in the util-vserver package?
>
> vserver-sources and util-vserver was all I needed. Kernel is
> pretty much like common, with ~10 additional options. util-vserver
> contains handy tools, like "v*" (* being emerge, esync, kill,
> limit, mount, ps, sched, etc.). Updating all gentoo-guests can be
> done with one command executed in host...
>
>>> Sounds very efficient.
>
> Really is. Now I'm running 27 guests, mostly gentoo but also
> some ubuntu and opensuse. Actually, it is possible to run any
> linux-based system (as I said all systems share the same kernel).
> There is also pretty good control over resources allocated
> to individual guests (disk, memory, cpu).
>
> Administration is very comfortable. Tasks like cloning,
> backup/restore, moving, migration, etc., are very easy to...
>
>> I guess the baselayout-vserver package is somehow for setting up each
>> of the guests?
>
> Guests are installed using customised stage3 (baselayout2-based).
> After that, you work with them as with normal gentoo-system.

The Gentoo version of Solaris Zones! w00t!