Firewall Wizards mailing list archives

Re: VM system for firewall use


From: Bennett Todd <bet () rahul net>
Date: Tue, 12 Oct 2004 20:01:30 +0000

2004-10-12T17:53:28 Marcus J. Ranum:
Don't follow the usual mantra of "minimization" by taking off
unnecessary stuff, etc. Invert the process and do a "zero build"
configuration. Install only the absolute minimum of stuff
necessary to get the machine to boot and start your program(s).
Leave out the shell, 90% of /dev, all of /bin, /etc, etc. Leave
out /etc/passwd because you don't have /bin/login, or sshd or any
of that crud.

A sweet approach. I've not gone quite that far, I leave myself
busybox, which is pretty much all of /bin. But I'll keep the idea
in mind, someday I'll build one of these gizmos, tune it up, then
write an init that just forks and execs the daemons I want and tear
busybox right back off it. In fact, for a single-daemon appliance,
just call its executable init.

-Bennett
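The fork-and-exec init Bennett describes, written out as an added example (not code from the post or from any project the thread mentions). The daemon path and name are hypothetical placeholders, and the retry cap is an addition so a crash-looping daemon cannot turn PID 1 into a fork bomb:

```c
/* Added example, not code from the post: a minimal "zero build" init that
 * only forks and execs a fixed daemon table, reaps whatever exits, and
 * respawns with a retry cap. Daemon paths are hypothetical placeholders. */
#include <unistd.h>
#include <sys/wait.h>

#define MAX_RESTARTS 5
struct daemon {
    const char *path;   /* absolute path: no shell, no PATH search */
    char *const *argv;
    pid_t pid;          /* 0 when not running */
    unsigned restarts;
};

/* Fork and exec one daemon; returns 0 on success, -1 if fork fails. */
int spawn(struct daemon *d) {
    pid_t p = fork();
    if (p < 0) return -1;
    if (p == 0) { execv(d->path, d->argv); _exit(127); }
    d->pid = p;
    return 0;
}

/* Table index owning pid, or -1 for an orphan reparented to init
 * (reaped like any other child, but never respawned). */
int find_daemon(const struct daemon *tab, int n, pid_t pid) {
    for (int i = 0; i < n; i++) if (tab[i].pid == pid) return i;
    return -1;
}
/* Record that pid exited. Returns its table index if it should be
 * respawned, -1 if it was not ours or has crash-looped too often. */
int note_exit(struct daemon *tab, int n, pid_t pid) {
    int i = find_daemon(tab, n, pid);
    if (i < 0) return -1;
    tab[i].pid = 0;
    return ++tab[i].restarts <= MAX_RESTARTS ? i : -1;
}

int main(void) {
    static char *const fw_argv[] = { "fwd", NULL };        /* hypothetical */
    struct daemon tab[] = { { "/sbin/fwd", fw_argv, 0, 0 } };
    int n = sizeof tab / sizeof tab[0], status, i;
    for (i = 0; i < n; i++) spawn(&tab[i]);
    for (;;) {                        /* PID 1 must never return */
        pid_t p = wait(&status);      /* blocks until any child exits */
        if (p < 0) { sleep(1); continue; }   /* nothing left to wait for */
        if ((i = note_exit(tab, n, p)) >= 0) spawn(&tab[i]);
    }
}
```

Because it execs by absolute path and never spawns a shell, the image it boots needs neither /bin/sh nor /etc/passwd, which is the point of the zero-build approach.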
