Maintaining Xen with FAI - Questions

Michael Tautschnig tautschn at model.in.tum.de
Thu Nov 30 00:17:34 CET 2006


[...]
> 
> I always thought using custom Xen kernels is better for security? So
> you can do a bit of kernel hardening and just put the things in Dom0 and
> DomU you want and not just everything that seems to be used by the
> common Debian user (?). Well, does the standard Xen kernel from
> Debian also provide HVM support for using Win XP? Does it include
> tun/tap device support for creating OpenVPN domains?

It might well be better for security reasons, I just don't know :-) HVM:
Probably not, at least there is no *HVM* option in my config file. But tun/tap
is there (I'm sending this one over an OpenVPN connection to my Xen-based
server).



> I'm still not very familiar with the thought of using this .deb-pkg  
> while having the opportunity to build it myself and having the power  
> over what goes into my kernel and what doesn't. I want to build
> servers for day-to-day use, I just want to have a little bit more  
> control :-)
> 
> Would be still interesting to know how to build all these things from  
> source.

Building from source is nice, if you can afford to spend so much time on such
things. A simple apt-get install usually saves a lot of pain... And in case
something doesn't work, just ask the BTS or report the problem; it's up to
others to take care of it.

> 
> How did you get your custom kernel to run with FAI?
>
Hmm, could you be a bit more precise about your actual problem with doing that?
dpkg -i it into the nfsroot or have make-fai-nfsroot do it or whatever, or what
is the troublesome step at your site?

Thanks,
Michael


