On 09/17/14 08:04, Marcin Mirosław wrote:
W dniu 16.09.2014 o 14:34, "Tóth Attila" pisze:
2014.Szeptember 16.(K) 11:05 időpontban Marcin Mirosław ezt írta:
A few days ago I boot KVM host with hardened kernel. After some time I
noticed that usb passthrough from host to kvm guest doesn't work. Simply
sayoing guest didn't seen any usb device. After switching kernel on host
to gentoo-sources-{3.14.14,3.16.2} usb-passthrough works as I expect. I
didn't any related information in logs.
Does libvirt or grsec need special configuration to have such feature
working?
I don't use KVM or libvirt, but I would suggest to check out your grsec
logs for denials.
Also there is a new capability introduced not so long ago:
CAP_BLOCK_SUSPEND
Some daemons and executables may complain - but in my case were
functioning properly anyways. May be not related to your problem.
Hi!
I don't use RBAC nor in kernel.log nor in dmesg nor in libvirt log I
didn't see any suspicious entries.
Regards,
Marcin
Was there an earlier version of hardened-sources which *did* work?
Also, trust the menu options under grsecurity in Kconfig where it says
virtualization etc etc. Some options are too strict for a virt
environment. Having said that, though, if usb is the only thing not
working, I suspect that maybe its some misconfiguration in the
host/client Kconfigs for kvm not related to hardened.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
