RB wrote:
> On Tue, Dec 16, 2008 at 14:19, Romain BERGE <[email protected]> wrote:
>> Hey all,
>>
>> I am wondering about using an AMD CPU with the AMD-V.
>> I wonder about using KVM to virtualise a few Hardened servers.
>>
>> Has anyone already used KVM + Hardened?
>
> Anyone else get KVM running on a hardened host? I'm seeing some
> issues right now:
> - The kvm-82 modules use symbols only in 2.6.28, making it
> incompatible with the current hardened-sources:
> [ 1584.882179] kvm: Unknown symbol intel_iommu_domain_alloc
> [ 1584.882259] kvm: Unknown symbol intel_iommu_detach_dev
> [ 1584.882340] kvm: Unknown symbol intel_iommu_page_mapping
> [ 1584.882768] kvm: Unknown symbol intel_iommu_context_mapping
> [ 1584.882862] kvm: Unknown symbol intel_iommu_iova_to_pfn
> [ 1584.883441] kvm: Unknown symbol intel_iommu_domain_exit
> - KVM segfaults upon execution against the 2.6.27-hardened-r3; I
> haven't debugged it yet, but it may well be tied to the symbol issues
> - kqemu starts to compile with gcc-4.3.2-r2 but fails with a
> relocation error I'm seeing from several other packages under the new
> hardened gcc-4.3.2-r2:
> relocation R_X86_64_32 against `a local symbol' can not be used when
> making a shared object; recompile with -fPIC
> (I've already patched a few packages for these)
> - Even after disabling kqemu and switching to gcc-3.x, compiling
> qemu-softmmu results in the same error as above.
>
> Rather disappointing, I was hoping to get a hardened profile host
> backing my VMs. Guess it's back to a standard profile for a bit.
>
>
> RB
>

I have KVM + hardened toolchain + hardened-sources running without problems for a longer time now.

Probably the main differences:
- I am using the experimental hardened toolchain overlay from Zorry and xake.
- I am using the in-kernel kvm-modules instead of those provided by kvm (compiled in, not as module).

-- 
Thomas Sachau
Gentoo Linux Developer
