[arch-general] how many virtual machines
Kevin Chadwick
ma1l1ists at yahoo.co.uk
Wed Apr 4 08:36:42 EDT 2012
On Tue, 3 Apr 2012 18:10:12 -0400
Kaiting Chen wrote:
> Yeah run each service as an unprivileged user and you should be fine. If
> security is very critical than run something like SELinux or a similar RBAC
> system.
If you don't mind compiling a kernel, grsecurity and it's accompanying
rbac or using rsbac instead are even better than SELinux.
rsbac will cost you the most time. Grsecurity's rbac has a learning
mode but won't let you selectively apply as the author sees that as a
false sense of security.
OpenBSD is my favourite option for servers but not for nfsv4. Do you
need file locking or can you use something like sftp (ssh file
transfer)?
More information about the arch-general
mailing list