>> Basically what I want to do is create a series of VERY tiny VMs that
>> are all independent of each other, which provide one service. For
>> instance, I might put apache on one VM, and tomcat on another, and so
>> on. Obviously, I would want their memory usage to be absolutely
>> minimized, seeing that I would like to run them all on one computer.
>> I would probably provide them 64M-128M of RAM each, for their specific
>> service. Perhaps a little more if really required.
Lots of interest in VMs lately - Is this to increase security (isolating
servers and components in case one is compromised)? Or perhaps you are
isolating components for the purpose of evaluating them?
<snip>
> Nick[1] made a post about minimizing Gentoo a while back.
> But that topic was mainly about the disk usage.
> I suppose you would benefit from a system that uses the -Os flag to
<snip>
> But do you think vmware is fit for such a task?
> vmware is a big strain on resources itself.
> You might want to have a look at xen[2] instead.
>
> [1] http://thread.gmane.org/gmane.linux.gentoo.user/160899/focus=160903
> [2] http://www.xensource.com/xen/xen/index.html
Presuming that one is seeking greater security, how does xen compare with
vmware in that regard?
Would a server in a VM actually be more secure than a server in a
"hardened" chroot jail?
(though I'd guess that a hardened system would be the best basis for a
server, VM or chroot; and the logical placement of a VM would be within a
chroot jail?).
TIA
--
gentoo-security@gentoo.org mailing list