====== Virtual Machine on an RSBAC System ======

Running a VM on a host which has RSBAC + PaX as kernel features.\\
My choice is [[http://kvm.qumranet.com/kvmwiki|KVM]], because it is the easiest to use and is already included in the mainline kernel. It has enough performance to work on the guest without knowing that it's a virtualized machine.

===== Prepare the host system =====

To get more security than the basic distributions offer, and to protect the host system,\\
I did this:

  * installed gentoo-hardened
  * running the guest process as an unprivileged user ([[wiki:experiences/igraltist/kvm|see HowTo]])
  * set up rsbac_jail to start the kvm-guest with it ([[wiki:experiences/igraltist/kvm_guest_jail|see kvm guest jail]])

====== RSBAC-Jail ======

[[wiki:experiences/igraltist/run-jail|run-jail]] is a script which allows us to set up the rsbac-jail with a configuration file. This is the documentation site for [[http://www.rsbac.org/documentation/rsbac_handbook/security_models/jail|rsbac_jail]].