Sadako wrote:
2008/12/21 Sadako <[email protected]>:
I have one virtualbox using VT extensions, and it runs fine. I have used
PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
and all others on (peMRXS flags) and it goes fine (with pageexec it does not
work, it hangs at boot, so I switched to segmexec). I think that you shouldn't
have any trouble with kvm; if you have some, try using virtualbox.
I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
runs fine too and I think it is safe. No hangs at the moment.
2008/12/16 Romain BERGE <[email protected]>:
Hey all,
I am wondering about using an AMD CPU with AMD-V.
I am wondering about using KVM to virtualise a few Hardened servers.
Has anyone already used KVM + Hardened?
Working fine?
Thanks
Regards
Do you actually have the virtualbox _host_ running under
hardened-sources?
If so, could you please upload your kernel config somewhere?
I've been trying to do the same, but upon trying to boot a guest (any
guest) via virtualbox the host box locks up, and I've tried everything I
can think of, including disabling _all_ grsec and pax options within the
kernel...
Are you sure it is related to the host? Why?
It's the host box which is locking up, and the host which is running
hardened-sources.
Booting the host with gentoo-sources, and it works fine.
I believe others have had the same issue as me, however there is at least
one person who has had it working without any issues, see this fgo thread;
https://forums.gentoo.org/viewtopic-t-713850.html
Unfortunately, that user informed me via PM that he no longer has the
kernel configs he used...
The CPU I plan to use also offers the NX bit.
It is used by PaX for the segregation of memory pages.
Thus it avoids emulating the NX bit (which slows down the machine).
Does anyone know if the NX bit feature will also be used by my guest
gentoo-hardened?
Or is it limited to the gentoo-hardened host?
Thanks
PS: the question is in fact similar for every CPU feature (like
SSE, SSE2, ...): are they reachable by the guest OS?