diff --git a/Makefile b/Makefile index 163ed5b..e5ff336 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: build run ci get-alpine-rootfs +.PHONY: build run ci .EXPORT_ALL_VARIABLES: GOARCH=amd64 @@ -11,17 +11,19 @@ GOBUILDFLAGS=-tags dev EXEC=out/main -build: out/alpine-minirootfs-3.19.0-x86_64.tar.gz $(EXEC) +build: $(EXEC) run: $(EXEC) @chmod +x $(EXEC) - $(EXEC) + sudo $(EXEC) + +NS=practical_murdock +ssh: + sudo ip netns exec $(NS) ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeychecking=no 172.16.0.2 ci: golangci-lint run --fix -get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz - publish: scp $(EXEC) sf314:~/firecracker/ @@ -32,6 +34,3 @@ dependencies: $(EXEC): cmd/main.go dependencies @echo "build for os $$GOOS and arch $$GOARCH" go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $< - -out/alpine-minirootfs-3.19.0-x86_64.tar.gz: - wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz diff --git a/cmd/main.go b/cmd/main.go index df36fc7..73c3e99 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -89,17 +89,18 @@ func setupEnv() int { cpuCount := int64(4) memorySize := int64(1024) isSmt := true + socketPath := "/tmp/firecracker.socket" cfg := firecracker.Config{ - SocketPath: "/tmp/firecracker.socket", - KernelImagePath: "./vmlinux-5.10.204", - LogPath: "./firecracker.log", + SocketPath: socketPath, + KernelImagePath: "./out/vmlinux-5.10.204", + LogPath: "./out/firecracker.log", LogLevel: "Debug", KernelArgs: "console=ttyS0 reboot=k panic=1 pci=off", Drives: []models.Drive{ { DriveID: firecracker.String("rootfs"), - PathOnHost: firecracker.String("./ubuntu-22.04.ext4"), + PathOnHost: firecracker.String("./out/rootfs.ext4"), IsReadOnly: firecracker.Bool(false), IsRootDevice: firecracker.Bool(true), }, 
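Review bot: The new `ssh` recipe turns off host-key verification (`UserKnownHostsFile=/dev/null`, `StrictHostKeychecking=no`) without a comment saying this is meant only for the throwaway guest at 172.16.0.2 inside the namespace. Put that above the target, e.g. `# dev guest only: host-key verification is deliberately disabled`, so the line is not copied into a setup where the peer matters. `ssh` is also missing from `.PHONY`, which the first hunk shortens to `build run ci`; make it `.PHONY: build run ci ssh`. `NS=practical_murdock` looks like a name generated by one run, so a note that it is meant to be overridden with `make ssh NS=<namespace>` would help.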
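Review bot: `socketPath` is still a fixed name in the shared `/tmp` directory, and the Makefile change in this same commit starts the binary with `sudo`, so the Firecracker API socket is now created by root at a path another local user can create first. Prefer a directory only root can write, for example `socketPath := "/run/firecracker/firecracker.socket"` (example path, with the directory created 0700 beforehand), or a per-run directory from `os.MkdirTemp`. `setupEnv` starts and ends outside this hunk, so whether a stale socket is removed on exit is not visible here.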
@@ -124,7 +125,7 @@ func setupEnv() int {
 firecracker.WithProcessRunner(
 firecracker.VMCommandBuilder{}.
 WithBin("firecracker").
- WithSocketPath("/tmp/firecracker.socket").
+ WithSocketPath(socketPath).
 Build(ctx),
 ),
 firecracker.WithLogger(logrus.NewEntry(log)),
diff --git a/rootfs-kernel/Makefile b/rootfs-kernel/Makefile
new file mode 100644
index 0000000..71cce6e
--- /dev/null
+++ b/rootfs-kernel/Makefile
@@ -0,0 +1,27 @@
+.PHONY: use-arch use-ubuntu
+
+# aarch64
+# x86_64
+ARCH=x86_64
+
+use-arch: ../out/arch-rootfs.ext4
+ ln -fs $< ../out/rootfs.ext4
+
+use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa
+ ln -fs $< ../out/rootfs.ext4
+
+kernel: ../out/vmlinux-5.10.204
+ @echo "linux kernel retrieve"
+
+../out/vmlinux-5.10.204:
+ wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/vmlinux-5.10.204
+
+../out/arch-rootfs.ext4: ./arch-rootfs.sh
+ bash ./arch-rootfs.sh
+
+../out/ubuntu-22.04.ext4:
+ wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.ext4
+
+../out/ubuntu-22.04.id_rsa:
+ wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.id_rsa
+ chmod 400 $@
diff --git a/rootfs-kernel/arch-rootfs.sh b/rootfs-kernel/arch-rootfs.sh
new file mode 100755
index 0000000..7f9313c
--- /dev/null
+++ b/rootfs-kernel/arch-rootfs.sh
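Review bot: The three `wget` rules in `rootfs-kernel/Makefile` fetch a kernel, a root filesystem and an SSH private key that the VM started through `sudo $(EXEC)` will boot and use, but nothing verifies what was downloaded. Pin a digest per artifact and check it in the recipe, e.g. `echo "<expected-sha256>  $@" | sha256sum -c -` after each `wget` (placeholder digest). Because `wget -O $@` creates the output file even when the transfer fails, add `.DELETE_ON_ERROR:` at the top so a truncated image is not treated as up to date on the next run. `kernel` is a command-style target and belongs in the list: `.PHONY: use-arch use-ubuntu kernel`.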
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh
+
+set -ex
+
+DISK_SIZE=10G
+DISK_FILE=../out/arch-rootfs.ext4
+DISK_ROOT=../out/mount
+
+# Allocate rootfs disk
+fallocate -l "$DISK_SIZE" "$DISK_FILE"
+mkfs.ext4 -F $DISK_FILE
+
+# Mount rootfs to mount
+mkdir -p $DISK_ROOT
+
+sudo mount $DISK_FILE $DISK_ROOT
+
+sudo pacstrap -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 openssh git vim
+
+echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf
+
+sudo tee $DISK_ROOT/etc/systemd/system/internal-network.service <<-'EOF'
+[Unit]
+Description=Internal Network
+
+[Service]
+Type=oneshot
+ExecStart=ip link set eth0 up
+ExecStart=ip addr add 172.16.0.2/24 dev eth0
+ExecStart=ip route add default via 172.16.0.1 dev eth0
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sudo ln -s /etc/systemd/system/internal-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/
+sudo ln -s /usr/lib/systemd/system/sshd.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/
+
+# allow root login with empty password, unsafe !
+sudo tee $DISK_ROOT/etc/ssh/sshd_config.d/98-archlinux.conf <<-'EOF'
+PermitEmptyPasswords yes
+PermitRootLogin yes
+EOF
+
+# Remove default (locked) root password
+# See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b
+sudo sed 's/^root:.*/root::14871::::::/' -i $DISK_ROOT/etc/shadow
+
+sudo umount $DISK_ROOT
+rmdir $DISK_ROOT
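Review bot: The image is built with an empty root password and an sshd that accepts it (`PermitEmptyPasswords yes`, `PermitRootLogin yes`, plus the `sed` on `/etc/shadow`), which the script's own comment already calls unsafe; any host that can reach 172.16.0.2 is given a root login. The Ubuntu path in `rootfs-kernel/Makefile` fetches a key file, and the Arch image can follow the same model by installing a public key for root and allowing key logins only, as sketched below. Dropping the `sed` line leaves root's password locked on the console as well, so keep it only if console login is really needed. Separately, there is no `trap`, so a failing `pacstrap` leaves `$DISK_ROOT` mounted and a half-built `$DISK_FILE` that make will treat as up to date.

```shell
# … unchanged: image allocation, mount, pacstrap, resolv.conf, network unit, service symlinks …

# key-only root login; the private key stays next to the image in ../out
KEY_FILE=../out/arch-rootfs.id_ed25519
[ -f "$KEY_FILE" ] || ssh-keygen -q -t ed25519 -N '' -f "$KEY_FILE"
sudo install -d -m 700 "$DISK_ROOT/root/.ssh"
sudo install -m 600 "$KEY_FILE.pub" "$DISK_ROOT/root/.ssh/authorized_keys"

sudo tee "$DISK_ROOT/etc/ssh/sshd_config.d/98-archlinux.conf" <<-'EOF'
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF

# … unchanged: umount and rmdir …
```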