Date: Sat, 21 Sep 2013 02:47:51 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: Owl 3.0 and Virtual Machine Setup?

On Thu, Sep 19, 2013 at 04:58:40AM -0400, Jeffrey Walton wrote:
> I don't have bare metal, so I'm concerned about performance: Mac OS X
> running a Linux kernel running an OpenVZ virtual machine (am I reading
> this right: http://openvz.org/Main_Page?). One virtual machine
> stresses this MacBook (8 Cores with 8GB RAM), and two drops it to its
> knees because of disk bottlenecks.

OpenVZ has practically no performance overhead.  It is not a virtual
machine, but is container-based virtualization within the same kernel.
We're always running an OpenVZ-enabled kernel anyway.

> Would you happen to know how to start the dhcp client?

You might be surprised and disappointed, but we do not officially
provide a DHCP client in Owl.  (We do provide a DHCP server, though.)
This is something we've been meaning to change (for use cases such as
yours), by introducing a properly privilege-separated DHCP client, but
haven't gotten around to doing yet.

For now, build of a DHCP client may be enabled in the dhcp.spec file by
changing the 0 to 1 here:

# We do not officially support the DHCP client because it is rather
# complicated, yet it runs entirely as root, which we find an
# unacceptable and unjustified security risk.  If you enable this
# setting, then you're essentially running your own revision of this
# package, and you're on your own with possible vulnerabilities.
%define BUILD_DHCP_CLIENT 0

Of course, for this you need to set up a proper /usr/src/world first,
with the Owl source tree.  The sources are present in there on our ISOs,
but are not automatically copied to an installed system.

> I don't have a network connection at the moment.

Another approach is to configure a static IP address.  This is what I
do when running Owl in QEMU.  Of course, you need to also configure your
VMware accordingly (I am not familiar with this, sorry).

If you can get VMware to "route" a private netblock to the VM, then
you'd be able to assign such IP addresses not only to your Owl "host
system", but also to OpenVZ containers, and to SSH in to them
individually from your Mac.

Alexander
