From: "Matthew Thode" <mthode@mthode.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/
Date: Tue, 5 Apr 2011 18:38:48 +0000 (UTC) [thread overview]
Message-ID: <23dda4bdfebfe697e5dca3dcac505d705a5c71c9.prometheanfire@gentoo> (raw)
commit: 23dda4bdfebfe697e5dca3dcac505d705a5c71c9
Author: Matthew Thode <mthode <AT> mthode <DOT> org>
AuthorDate: Tue Apr 5 18:26:50 2011 +0000
Commit: Matthew Thode <mthode <AT> mthode <DOT> org>
CommitDate: Tue Apr 5 18:26:50 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=23dda4bd
added a table to the hardened-virt guide for kernel options on guests
---
xml/hardened-virtualization.xml | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/xml/hardened-virtualization.xml b/xml/hardened-virtualization.xml
index 606c6fd..916b798 100644
--- a/xml/hardened-virtualization.xml
+++ b/xml/hardened-virtualization.xml
@@ -83,6 +83,29 @@ virtio, with all hardening features, including CONFIG_PAX_KERNEXEC and
CONFIG_PAX_MEMORY_UDEREF, have been successfull.
</p>
+<table>
+ <tr>
+ <th>guest kerel config breakout</th>
+ </tr>
+ <tr>
+ <th rowspan=2></th>
+ <th colspan=2>CPU</th>
+ <th>AMD</th>
+ <th>INTEL</th>
+ </tr>
+ <tr>
+ <th>CONFIG_PAX_KERNEXEC</th>
+ <ti>Y</ti>
+ <ti>Y</ti>
+ </tr>
+ <tr>
+ <th>CONFIG_PAX_MEMORY_UDEREF</th>
+ <ti>Y</ti>
+ <ti>N</ti>
+ </tr>
+</table>
+
+
<p>
For the host, however, one must disable both CONFIG_PAX_KERNEXEC and
CONFIG_PAX_MEMORY_UDEREF. Either of these will set an invisible kernel
next reply other threads:[~2011-04-05 18:39 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-05 18:38 Matthew Thode [this message]
-- strict thread matches above, loose matches on Subject: below --
2013-01-12 13:18 [gentoo-commits] proj/hardened-docs:master commit in: xml/ Magnus Granberg
2012-08-20 17:17 Sven Vermeulen
2012-07-10 19:45 Michael Palimaka
2012-05-26 19:25 Sven Vermeulen
2012-05-26 18:07 Sven Vermeulen
2012-05-21 19:08 Sven Vermeulen
2012-05-04 20:19 Sven Vermeulen
2012-04-28 19:23 Francisco Blas Izquierdo Riera
2012-04-05 20:45 Sven Vermeulen
2012-04-05 18:51 Sven Vermeulen
2012-04-02 15:50 Francisco Blas Izquierdo Riera
2012-03-28 19:00 Sven Vermeulen
2011-12-27 12:51 Sven Vermeulen
2011-12-26 12:17 Sven Vermeulen
2011-12-10 17:32 Sven Vermeulen
2011-12-10 15:44 Sven Vermeulen
2011-12-10 14:47 Sven Vermeulen
2011-11-22 20:08 Sven Vermeulen
2011-11-22 20:08 Sven Vermeulen
2011-11-22 20:08 Sven Vermeulen
2011-11-17 21:36 Sven Vermeulen
2011-11-17 20:51 Sven Vermeulen
2011-11-17 20:32 Sven Vermeulen
2011-11-17 20:30 Sven Vermeulen
2011-11-12 21:27 Sven Vermeulen
2011-10-28 17:36 José María Alonso
2011-10-25 18:35 Sven Vermeulen
2011-10-13 14:49 Sven Vermeulen
2011-10-08 16:54 Sven Vermeulen
2011-09-04 19:54 Sven Vermeulen
2011-09-04 19:54 Sven Vermeulen
2011-09-04 19:13 Sven Vermeulen
2011-09-03 12:10 Sven Vermeulen
2011-08-24 21:09 Sven Vermeulen
2011-08-22 19:20 Sven Vermeulen
2011-08-12 21:00 Sven Vermeulen
2011-08-10 18:38 Sven Vermeulen
2011-07-21 19:47 Sven Vermeulen
2011-07-16 20:33 Sven Vermeulen
2011-07-15 16:08 Sven Vermeulen
2011-07-13 22:04 Sven Vermeulen
2011-07-13 21:39 Sven Vermeulen
2011-07-11 15:03 José María Alonso
2011-07-10 20:09 Sven Vermeulen
2011-06-13 14:14 Sven Vermeulen
2011-06-13 14:14 Sven Vermeulen
2011-06-11 13:16 Francisco Blas Izquierdo Riera
2011-06-10 18:07 Francisco Blas Izquierdo Riera
2011-06-10 18:03 Francisco Blas Izquierdo Riera
2011-06-10 14:56 José María Alonso
2011-06-09 17:36 Francisco Blas Izquierdo Riera
2011-06-01 21:26 Sven Vermeulen
2011-06-01 19:57 Sven Vermeulen
2011-05-24 20:37 Sven Vermeulen
2011-05-22 21:35 Sven Vermeulen
2011-05-22 21:35 Sven Vermeulen
2011-05-14 12:51 Sven Vermeulen
2011-05-14 12:51 Sven Vermeulen
2011-05-10 2:34 Francisco Blas Izquierdo Riera
2011-05-09 21:45 Francisco Blas Izquierdo Riera
2011-05-04 22:03 Francisco Blas Izquierdo Riera
2011-05-04 22:03 Francisco Blas Izquierdo Riera
2011-05-03 21:06 Sven Vermeulen
2011-05-03 20:23 Sven Vermeulen
2011-05-01 20:21 Sven Vermeulen
2011-04-30 19:43 Sven Vermeulen
2011-04-30 8:59 Sven Vermeulen
2011-04-23 11:32 Sven Vermeulen
2011-04-23 8:18 Sven Vermeulen
2011-04-22 22:35 Sven Vermeulen
2011-04-22 19:17 Sven Vermeulen
2011-04-22 11:14 Sven Vermeulen
2011-04-22 10:49 Sven Vermeulen
2011-04-05 18:46 Matthew Thode
2011-03-27 1:09 Francisco Blas Izquierdo Riera
2011-03-27 1:00 Francisco Blas Izquierdo Riera
2011-03-27 0:55 Francisco Blas Izquierdo Riera
2011-03-26 23:49 Francisco Blas Izquierdo Riera
2011-03-09 18:14 Sven Vermeulen
2011-02-26 9:33 Sven Vermeulen
2011-02-24 21:25 Sven Vermeulen
2011-02-24 21:24 Sven Vermeulen
2011-02-21 21:54 Sven Vermeulen
2011-02-19 3:29 Francisco Blas Izquierdo Riera
2011-02-19 3:23 Francisco Blas Izquierdo Riera
2011-02-19 0:14 Francisco Blas Izquierdo Riera
2011-02-18 23:17 Francisco Blas Izquierdo Riera
2011-02-18 16:11 Francisco Blas Izquierdo Riera
2011-02-18 7:07 Francisco Blas Izquierdo Riera
2011-02-15 4:40 Francisco Blas Izquierdo Riera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23dda4bdfebfe697e5dca3dcac505d705a5c71c9.prometheanfire@gentoo \
--to=mthode@mthode.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox