I've been toying with the idea of using a Xen virtual machine to segment various at-risk applications I run. Once I have some of the kinks worked out I may create a howto. The idea is to create a Xen virtual machine that needs as little memory as possible, then run a single application within it. I've done my testing with Firefox, as the browser tends to be a glutton for punishment. I'm aware this is a bit paranoid, but any time security is involved, being a little paranoid is good. Beyond the paranoia, if a security feature adds value without being a hindrance, it's a very good thing.
I've found that after installing FC5 and stripping out all services other than sshd, I can run firefox with little trouble in a xen domain allocated 64 MB of memory. It's not as snappy as it would be if I was running it on this desktop instance, but it's very usable. I imagine things would work better if I wasn't tunneling my X connection over ssh.
There are still a few issues I'm trying to work out.
- Sound. Right now I get no sound from things like Flash. This is really only an issue when I'm wondering what Strong Bad is up to.
- Plugins and helper applications. I don't have any movie players configured (see my sound comment above). I also have the problem of viewing various documents. If I open a PDF viewer, my memory needs go up. Something like OpenOffice.org will raise them dramatically. With the price of memory, I can probably handle giving my Xen instance 128 MB or 256 MB, but my goal is to be a memory miser.
- Downloads. If I download a file, it lives on my xen instance. This should be fairly easy to solve by enabling NFS.
I've also experimented with the idea of setting my / partition to read-only via the Xen configuration file. This would ensure that even if someone could become root and get past SELinux, they could only modify /home and /tmp. The other nifty thing with a read-only / is that I can share that partition between two concurrent Xen sessions without any ill effects (at least none I can see).
That leads into my plans to run Firefox and Gaim from their very own Xen instances, but with a single shared /. That would mean I only have to run a yum update once to update all my running instances, but there is much testing I still need to do regarding that.
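To make the read-only shared root concrete, here is what a Xen 3 style domU configuration file for one such instance could look like. This is an added example, not the author's actual configuration: the kernel and initrd paths, the LVM volume names under /dev/vg0, the bridge name and the domain name are all assumptions. Xen domU config files are Python syntax, which is why the block is tagged that way. The important parts are the `r` mode on the root volume, which is what lets two running domains attach the same volume at once, and the per-domain writable volumes for /home and /tmp.

```python
# Assumed Xen domU config for the Firefox instance (example, not the author's file).
# Paths and volume names are placeholders; adjust to the local setup.
kernel  = "/boot/vmlinuz-2.6-xen"          # assumed domU kernel in dom0
ramdisk = "/boot/initrd-2.6-xen.img"       # assumed matching initrd
memory  = 64                               # the 64 MB the post found workable
name    = "firefox"                        # a second domain (e.g. "gaim") would
                                           # reuse the same root volume below
vif     = [ 'bridge=xenbr0' ]              # assumed dom0 bridge

# Block devices exported to the domain:
#   hda1 - the FC5 root filesystem, mode 'r' (read-only). Because it is
#          read-only, another domain can attach the very same volume at the
#          same time; Xen refuses to attach a writable volume twice.
#   hda2 - a /home volume private to this domain, writable.
#   hda3 - a /tmp volume private to this domain, writable.
disk = [ 'phy:/dev/vg0/fc5root,hda1,r',
         'phy:/dev/vg0/firefox-home,hda2,w',
         'phy:/dev/vg0/firefox-tmp,hda3,w' ]

# Mount the root read-only from the kernel side as well, so the guest does not
# even try to remount it writable; keep SELinux enforcing inside the guest.
root  = "/dev/hda1 ro"
extra = "selinux=1 enforcing=1"


def root_is_readonly(disks=disk):
    """Return True if the first (root) disk entry is exported read-only.

    Small helper for checking a config like this one before starting domains
    that are meant to share the root volume.
    """
    return disks[0].split(',')[-1] == 'r'
```

Two practical notes on this layout. First, /etc/fstab lives on the shared read-only root, so every domain sharing it sees the same fstab; that only works because each domain gets its own private volume under the same guest device names (hda2 for /home, hda3 for /tmp). Second, the "one yum update for all instances" plan runs into the fact that yum needs a writable / and /var: the update has to be done from a domain that attaches the root volume writable while the other domains are shut down, and anything that writes under /var at runtime (logs, /var/run, /var/lock) needs either a tmpfs or another private volume.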