From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4C69663F.1060708@gmail.com>
Date: Mon, 16 Aug 2010 09:24:31 -0700
From: Bill Longman
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.7) Gecko/20100727 Thunderbird/3.1.1
List-Id: Gentoo Linux mail
Reply-to: gentoo-user@lists.gentoo.org
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Increasing security [WAS: Rooted/compromised Gentoo, seeking advice [Solved?]
References: <20100813152553.GB21326@nibiru.local> <4C657BCA.9000703@gmail.com> <20100813190533.GB26738@nibiru.local> <4C66EF53.3050701@gmail.com> <4C69483D.1090705@gmail.com> <4C696255.20505@gmail.com>
In-Reply-To: <4C696255.20505@gmail.com>
X-Enigmail-Version: 1.1.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

On 08/16/2010 09:07 AM, Jarry wrote:
> On 16. 8. 2010 17:29, Mark Knecht wrote:
>> On Mon, Aug 16, 2010 at 7:16 AM, Bill Longman:
>>>>
>>>> That is why I picked up Linux-VServer (actually, first I tried
>>>> OpenVZ but could not make it run). It is a kind of compromise,
>>>> where all guests share the same kernel. This brings certain
>>>> security implications, but on the other side, I can run dozens
>>>> of guests on a moderate machine, with 4 cores and 8GB memory
>>>> (i.e. a guest running bind takes just about 20MB of memory)...
>>>
>>> This looks rather interesting, Jarry. Is it simply a matter of compiling
>>> the vserver-sources and util-vserver? Did it take much time to set up
>>> the kernel for your box? Or is it pretty much a typical kernel setup?
>>> Any good tools in the util-vserver package?
>
> vserver-sources and util-vserver were all I needed. Kernel is
> pretty much like common, with ~10 additional options. util-vserver
> contains handy tools, like "v*" (* being emerge, esync, kill,
> limit, mount, ps, sched, etc.). Updating all gentoo-guests can be
> done with one command executed in host...
>
>>> Sounds very efficient.
>
> Really is. Now I'm running 27 guests, mostly gentoo but also
> some ubuntu and opensuse. Actually, it is possible to run any
> linux-based system (as I said all systems share the same kernel).
> There is also pretty good control over resources allocated
> to individual guests (disk, memory, cpu).
>
> Administration is very comfortable. Tasks like cloning,
> backup/restore, moving, migration, etc, are very easy to...
>
>> I guess the baselayout-vserver package is somehow for setting up each
>> of the guests?
>
> Guests are installed using customised stage3 (baselayout2-based).
> After that, you work with them as with normal gentoo-system.

The Gentoo version of Solaris Zones! w00t!