diff options
| author | bnewbold <bnewbold@robocracy.org> | 2012-11-13 23:28:26 +0100 |
|---|---|---|
| committer | bnewbold <bnewbold@robocracy.org> | 2012-11-13 23:28:26 +0100 |
| commit | c4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7 (patch) | |
| tree | 77f101bdba016693f6676830b91cfcd05301ebd7 | |
| parent | db54f77c4d7ed5bca710a3f684d38baa35c282bb (diff) | |
| download | rooter_wiki-c4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7.tar.gz rooter_wiki-c4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7.zip | |
basic sw stack notes
| -rw-r--r-- | design/stack.page | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/design/stack.page b/design/stack.page new file mode 100644 index 0000000..b4e9799 --- /dev/null +++ b/design/stack.page @@ -0,0 +1,21 @@ + +short term base firmware: + +- custom OpenWRT build with LXC support, eglibc + +long term base kernel/firmware: + +- hardened OpenWRT (uclibc?) or minimalist hardened debian +- < 128MB kernel+rootfs +- NanoBSD-style dual partition upgrade procedure + - read-only rootfs + - fixed size writable /var and /etc + - possibly a small overlayfs +- automatic fetching and application of signed security updates +- bundle helpful services, but do not enable them by default + +guest os userspace: + +- debian 7 (wheezy) +- with as many security build flags enabled as possible +- manage with blueprint? |