Purposeful, progressive guide to build a minimal, container-enabled, hardened Linux distribution from source. Each chapter is structured for learning: objectives, quick-start commands, diagrams, exercises and next steps.
- 01-kernel-acquisition/ - Kernel acquisition and verification
- 02-toolchain-setup/ - Build a clean cross-compilation toolchain
- 03-basic-system/ - Build core userland utilities and libraries
- 04-kernel-configuration/ - Kernel tuning, hardening, container features
- 05-bootloader/ - GRUB, initramfs and secure boot notes
- 06-system-configuration/ - Users, networking and services
- 07-package-management/ - Package tooling, repository, and desktop environment
- 08-security-hardening/ - SELinux/AppArmor, firewall, audit
- 09-container-support/ - Docker, Podman, Buildah and runtime hardening
- 10-testing-deployment/ - Tests, ISO creation and release
- 11-container-operations/ - Container fundamentals, pods, and inter-container communication
- 12-container-security/ - Container attacks, vulnerabilities, and mitigation strategies
- 13-os-comparison/ - Comparing our custom LFS distribution with cloud-native operating systems
- Understand the end-to-end workflow to create a custom Linux distribution
- Learn how to build a reproducible toolchain and core system
- Configure and harden the kernel and runtime for containers
- Package and test the distribution for deployment
These are example commands for a typical Debian/Ubuntu host. Adapt to your distro.
```bash
# Basic tools
sudo apt-get update && sudo apt-get install -y git build-essential bison flex texinfo wget xz-utils

# Create workspace (this path assumes a Windows host using WSL or similar; adjust it for your system)
mkdir -p "D:/education/linuxfromscratch"
cd "D:/education/linuxfromscratch"
```

1. Follow Chapter 01 to acquire and verify the kernel source.
2. Build the toolchain in Chapter 02.
3. Build basic system packages in Chapter 03.
4. Configure and compile the kernel (Chapter 04).
5. Continue with bootloader, configuration, and packaging.
- Exercise A: Clone the kernel as described in Chapter 1 and record the Makefile VERSION/PATCHLEVEL.
- Exercise B: On a disposable VM, run the toolchain quick-check from Chapter 2 (verify $LFS_TGT-gcc) and record results.
- Linux From Scratch book: https://www.linuxfromscratch.org/lfs/
- Kernel documentation: https://www.kernel.org/doc/
- Docker docs: https://docs.docker.com/
- SELinux project: https://selinuxproject.org/
| Chapter | Topic | Status | Time | Difficulty |
|---|---|---|---|---|
| 01 | Kernel Acquisition | ✅ Core | 2-3h | Beginner |
| 02 | Toolchain Setup | ✅ Core | 4-6h | Intermediate |
| 03 | Basic System | ✅ Core | 6-8h | Intermediate |
| 04 | Kernel Configuration | ✅ Core | 3-4h | Advanced |
| 05 | Bootloader Setup | ✅ Core | 2-3h | Intermediate |
| 06 | System Configuration | ✅ Core | 4-5h | Intermediate |
| 07 | Package Management | ✅ Core | 5-6h | Intermediate |
| 08 | Security Hardening | ✅ Core | 4-5h | Advanced |
| 09 | Container Support | ✅ Core | 3-4h | Advanced |
| 10 | Testing & Deployment | ✅ Core | 2-3h | Intermediate |
| 11 | Container Operations | ✅ Advanced | 3-4h | Advanced |
| 12 | Container Security | ✅ Advanced | 4-5h | Expert |
| 13 | OS Comparison | ✅ Advanced | 2-3h | Intermediate |
📦 CORE DISTRIBUTION (Chapters 1-10) - 100% Complete
🔧 ADVANCED FEATURES (Chapters 11-13) - 100% Complete
- 13/13 Chapters Complete
- 10/10 Core Chapters Complete
- 3/3 Advanced Chapters Complete
| Previous | Current | Next | Key Sections |
|---|---|---|---|
| N/A | README | 01-kernel-acquisition | Overview, Prerequisites, Setup |
Chapter 01: Previous | 01-kernel-acquisition | Next
Kernel source acquisition, verification, and initial setup
Chapter 02: Previous | 02-toolchain-setup | Next
Cross-compilation toolchain build and validation
Chapter 03: Previous | 03-basic-system | Next
Core system utilities and libraries compilation
Chapter 04: Previous | 04-kernel-configuration | Next
Kernel Menuconfig - Interactive configuration
Hardening Options - Security features
Container Support - Namespaces & cgroups
Kernel Compilation - Build and install
Chapter 05: Previous | 05-bootloader | Next
Bootloader Basics - Boot process fundamentals
GRUB Installation - GRUB setup and configuration
GRUB Configuration - Boot menu and parameters
Initramfs Creation - Initial RAM filesystem
Chapter 06: Previous | 06-system-configuration | Next
User Management - Creating users and groups
Systemd Services - Service management
Networking Setup - Network configuration
Logging Setup - System logging configuration
Chapter 07: Previous | 07-package-management | Next
Package Management Introduction - Package management fundamentals
Pacman Setup - Install and configure pacman
Package Building - Create and build packages
Repository Setup - Repository configuration
Desktop Dependencies - X11, graphics drivers, fonts
Desktop Environment - XFCE installation and configuration
Chapter 08: Previous | 08-security-hardening | Next
SELinux Setup - Mandatory access control
AppArmor Setup - Application confinement
Firewall Setup - Network security
Audit Setup - System auditing
Chapter 09: Previous | 09-container-support | Next
Docker Setup - Docker runtime installation
Podman Setup - Podman container management
Buildah Setup - Image building tools
Registry Setup - Container registry configuration
Chapter 10: Previous | 10-testing-deployment | Next
Unit Testing - Component testing
Integration Testing - System testing
ISO Creation - Distribution packaging
Documentation - Release documentation
Chapter 11: Previous | 11-container-operations | Next
Container Fundamentals - Architecture and lifecycle
Pod Operations - Multi-container management
Inter-Container Communication - Networking patterns
Orchestration - Container orchestration
Chapter 12: Previous | 12-container-security | Next
Threat Modeling - Attack surface analysis
Common Attacks - Vulnerability exploitation
Mitigation Strategies - Defense techniques
Security Testing - Security validation
Chapter 13: Previous | 13-os-comparison | N/A
Cloud-Native OS Comparison - Comparing with modern OSes
CoreOS, Flatcar, K3OS, Bottlerocket, Talos, Kairos analysis
- Phase 1: Foundation Chapters 1-2 (Prerequisites & Toolchain)
- Phase 2: Core System Chapters 3-5 (System Build & Boot)
- Phase 3: Configuration Chapters 6-7 (Services & Packages)
- Phase 4: Security Chapters 8-10 (Hardening & Containers)
- Phase 5: Advanced Chapters 11-13 (Operations, Security & Comparison)
- ✅ Completed: All 13 chapters with comprehensive content
- 🔄 In Progress: None - tutorial is complete
- 📋 Next Steps: Practice exercises, build your distribution
- Chapters 1-3: Basic LFS concepts
- Chapter 4: Kernel basics
- Chapters 5-6: Boot and system config
- Chapter 10: Testing your build
- Full Chapters 1-10: Complete distribution build
- Chapter 11: Container operations
- Focus on exercises and troubleshooting
- Complete all chapters
- Deep dive into security (Chapters 8, 12)
- Customize and extend the distribution
- Contribute back to the project
First Time Here? Start with the Quick Start section above, then proceed to Chapter 1.
Returning Visitor? Use the table of contents or navigation shortcuts to jump to your current chapter.
Looking for Specific Topics? Check the "Quick Access by Topic" section for direct links.
Need Help? Each chapter includes exercises, troubleshooting guides, and references for further reading.
Next step: open 01-kernel-acquisition/README.md and follow the Quick Start section there.