>> Figured it out: the dhcp server in vbox hands out the dns server of the
>> host (in my case my corporate dns server). Dhclient reverse looks up
>> 10.0.2.15 (the address of the vm) and gets a valid response from the
>> corporate dns server. Annoyingly this is used to name the volume group
>> during partitioning. The only foolproof way may be to write a custom
>> partman recipe in preseed.cfg.
>
>Okay this is the issue :) I'll fix in preseed.cfg so we'll have only
>one root partition (and maybe a small swap but not required I think?)
>like the present systemvm which too has only one / partition, unless
>you want a different scheme.

Actually prefer different partitions for securing against local attacks.
The CIS Benchmark [http://benchmarks.cisecurity.org/downloads/benchmarks/]
recommends the following:
"Minimally, the following conditions should must exist:
* user writable directories (i.e. /tmp) should have their own partitions to prevent hardlink attacks
* /var and /opt should not share a partition with the system root '/'"

>
>>
>> I've left a few FIXME in cloudstack-packages.sh, please take a look.
>
>Except for the signature creator I fixed other ones. How do you
>propose we create the signature, use latest git SHA?

Currently it is the md5 of the patches/systemvm/debian/config and
patches/systemvm/debian/vpn tar gzip.

>
>Regards.
>
>>
>> --
>> Chiradeep
>>
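
An added example, not part of the original thread or of the project's code: a check that a built image's mount table meets the two conditions quoted from the CIS Benchmark above. The function names, the path tuples and the sample mount tables are assumptions constructed for illustration; the input format is that of /proc/mounts.

```python
"""Check a mount table against the two partitioning conditions quoted above."""

# Paths named in the quoted recommendation; extend the tuples for other directories.
OWN_PARTITION = ("/tmp",)        # user-writable: must be its own mount
NOT_ON_ROOT = ("/var", "/opt")   # must not share a partition with /

# Constructed sample tables (not taken from a real systemvm).
SINGLE_ROOT = "/dev/sda1 / ext4 rw,relatime 0 0\nproc /proc proc rw 0 0\n"
SPLIT = ("/dev/sda1 / ext4 rw 0 0\n/dev/sda5 /var ext4 rw 0 0\n"
         "/dev/sda6 /tmp ext4 rw,nosuid,nodev 0 0\n/dev/sda7 /opt ext4 rw 0 0\n")


def parse_mounts(text):
    """Return {mount_point: device} from /proc/mounts-style text (last entry wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            table[fields[1]] = fields[0]
    return table


def containing_mount(path, table):
    """Longest mount point that is the path itself or one of its parents."""
    best = None
    for mp in table:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    return best


def check_layout(text):
    """Return a list of findings; an empty list means both conditions hold."""
    table = parse_mounts(text)
    if "/" not in table:
        return ["no root filesystem in mount table"]
    root_dev = table["/"]
    findings = []
    for path in OWN_PARTITION:
        # Must be a mount point itself, and not a bind mount of the root device.
        if containing_mount(path, table) != path or table[path] == root_dev:
            findings.append(f"{path}: not on its own partition")
    for path in NOT_ON_ROOT:
        mp = containing_mount(path, table)
        if mp == "/" or table[mp] == root_dev:
            findings.append(f"{path}: shares a partition with /")
    return findings
```

On a running VM the same check applies to the live table: `check_layout(open("/proc/mounts").read())`.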