incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rohit Yadav <>
Subject Re: Building SystemVM template appliance
Date Thu, 14 Feb 2013 10:30:13 GMT
Hi Chiradeep,

>>Okay this is the issue :) I'll fix in preseed.cfg so we'll have only
>>one root partition (and maybe a small swap but not required I think?)
>>like the present systemvm which too has only one / partition, unless
>>you want a different scheme.
> Actually prefer different partitions for securing against local attacks.
> The CIS
> Benchmark []
> recommends the following:
> "Minimally, the following conditions should must exist:
> * user writable directories (i.e /tmp) should have their own partitions to
> prevent hardlink attacks
> * /var and /opt should should not share a partition with the system root
> '/'"

Sure, I can do that.

>>> I've left a few FIXME in, please take a look.
>>Except for the signature creator I fixed other ones. How do you
>>propose we create the signature, use latest git SHA?
> Currently it is the md5 of the patches/systemvm/debian/config and
> patches/systemvm/debian/vpn tar gzip.

Cool thanks.

To update, I'm able to build a systemvm appliance with vbox and able
to convert the disk image to vmdk, hyper-v vhd, qcow2 and ova
(vmware), but I've not tested them. Next week, I'll take help from
Prasanna to setup a jenkins job on j.c.o. I cannot do it on b.a.o, as
I need to test it first, fix the building process and it would need a
linux host that can run vbox. The total build time takes about ~25
mins on my laptop if internet speed is good enough.


>>> --
>>> Chiradeep

View raw message