* [gentoo-hardened] KVM & Gentoo Hardened
@ 2008-12-16 21:19 Romain BERGE
2008-12-21 13:10 ` Javier J. Martínez Cabezón
2009-01-10 6:38 ` RB
0 siblings, 2 replies; 12+ messages in thread
From: Romain BERGE @ 2008-12-16 21:19 UTC
To: gentoo-hardened
Hey all,
I am wondering about using an AMD CPU with AMD-V.
I am wondering about using KVM to virtualise a few Hardened servers.
Has anyone already used KVM + Hardened?
Is it working fine?
Thanks
Regards
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-16 21:19 [gentoo-hardened] KVM & Gentoo Hardened Romain BERGE
@ 2008-12-21 13:10 ` Javier J. Martínez Cabezón
2008-12-21 16:21 ` Sadako
2009-01-10 6:38 ` RB
1 sibling, 1 reply; 12+ messages in thread
From: Javier J. Martínez Cabezón @ 2008-12-21 13:10 UTC
To: gentoo-hardened
I have one virtualbox using VT extensions, and it runs fine. I have used
PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
and all others on (peMRXS flags) and it goes fine (with pageexec it does
not work, it hangs at boot, so I switched to segmexec). I think that you
shouldn't have any trouble with kvm; if you have some, try using virtualbox.
I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf for compilation, it
runs fine too and I think it is safe. No hangs at the moment.
2008/12/16 Romain BERGE <romain.berge@gmail.com>:
> Hey all,
>
> I am wondering about using an AMD CPU with AMD-V.
> I am wondering about using KVM to virtualise a few Hardened servers.
>
> Has anyone already used KVM + Hardened?
>
> Is it working fine?
>
> Thanks
>
> Regards
>
>
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-21 13:10 ` Javier J. Martínez Cabezón
@ 2008-12-21 16:21 ` Sadako
2008-12-21 16:59 ` Javier J. Martínez Cabezón
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Sadako @ 2008-12-21 16:21 UTC
To: gentoo-hardened
> I have one virtualbox using VT extensions, and it runs fine. I have used
> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
> and all others on (peMRXS flags) and it goes fine (with pageexec it does
> not work, it hangs at boot, so I switched to segmexec). I think that you
> shouldn't have any trouble with kvm; if you have some, try using virtualbox.
> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf for compilation, it
> runs fine too and I think it is safe. No hangs at the moment.
>
> 2008/12/16 Romain BERGE <romain.berge@gmail.com>:
>> Hey all,
>>
>> I am wondering about using an AMD CPU with AMD-V.
>> I am wondering about using KVM to virtualise a few Hardened servers.
>>
>> Has anyone already used KVM + Hardened?
>>
>> Is it working fine?
>>
>> Thanks
>>
>> Regards
>>
>>
>
>
Do you actually have the virtualbox _host_ running under hardened-sources?
If so, could you please upload your kernel config somewhere?
I've been trying to do the same, but upon trying to boot a guest (any
guest) via virtualbox the host box locks up, and I've tried everything I
can think of, including disabling _all_ grsec and pax options within the
kernel...
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-21 16:21 ` Sadako
@ 2008-12-21 16:59 ` Javier J. Martínez Cabezón
2008-12-21 17:22 ` Javier J. Martínez Cabezón
2008-12-22 4:34 ` Pavel Labushev
2 siblings, 0 replies; 12+ messages in thread
From: Javier J. Martínez Cabezón @ 2008-12-21 16:59 UTC
To: gentoo-hardened
Actually only the guest is on hardened sources; the host is under Debian
lenny. I am sending you the .config of the guest kernel.
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.23.14
# Sat Dec 20 22:49:10 2008
#
CONFIG_X86_32=y
CONFIG_GENERIC_TIME=y
CONFIG_GENERIC_CMOS_UPDATE=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_X86=y
CONFIG_MMU=y
CONFIG_ZONE_DMA=y
CONFIG_QUICKLIST=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_DMI=y
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
#
# General setup
#
CONFIG_EXPERIMENTAL=y
CONFIG_BROKEN_ON_SMP=y
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_LOCALVERSION=""
CONFIG_LOCALVERSION_AUTO=y
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
# CONFIG_BSD_PROCESS_ACCT is not set
# CONFIG_TASKSTATS is not set
CONFIG_USER_NS=y
# CONFIG_AUDIT is not set
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=17
CONFIG_SYSFS_DEPRECATED=y
# CONFIG_RELAY is not set
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_SYSCTL=y
# CONFIG_EMBEDDED is not set
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_EXTRA_PASS is not set
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_ANON_INODES=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
# CONFIG_SLOB is not set
CONFIG_RT_MUTEXES=y
# CONFIG_TINY_SHMEM is not set
CONFIG_BASE_SMALL=0
# CONFIG_MODULES is not set
CONFIG_BLOCK=y
# CONFIG_LBD is not set
# CONFIG_BLK_DEV_IO_TRACE is not set
# CONFIG_LSF is not set
# CONFIG_BLK_DEV_BSG is not set
#
# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
CONFIG_DEFAULT_AS=y
# CONFIG_DEFAULT_DEADLINE is not set
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="anticipatory"
#
# Processor type and features
#
CONFIG_TICK_ONESHOT=y
# CONFIG_NO_HZ is not set
CONFIG_HIGH_RES_TIMERS=y
# CONFIG_SMP is not set
CONFIG_X86_PC=y
# CONFIG_X86_ELAN is not set
# CONFIG_X86_VOYAGER is not set
# CONFIG_X86_NUMAQ is not set
# CONFIG_X86_SUMMIT is not set
# CONFIG_X86_BIGSMP is not set
# CONFIG_X86_VISWS is not set
# CONFIG_X86_GENERICARCH is not set
# CONFIG_X86_ES7000 is not set
# CONFIG_PARAVIRT is not set
CONFIG_M386=y
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M586MMX is not set
# CONFIG_M686 is not set
# CONFIG_MPENTIUMII is not set
# CONFIG_MPENTIUMIII is not set
# CONFIG_MPENTIUMM is not set
# CONFIG_MCORE2 is not set
# CONFIG_MPENTIUM4 is not set
# CONFIG_MK6 is not set
# CONFIG_MK7 is not set
# CONFIG_MK8 is not set
# CONFIG_MCRUSOE is not set
# CONFIG_MEFFICEON is not set
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
# CONFIG_MGEODEGX1 is not set
# CONFIG_MGEODE_LX is not set
# CONFIG_MCYRIXIII is not set
# CONFIG_MVIAC3_2 is not set
# CONFIG_MVIAC7 is not set
CONFIG_X86_GENERIC=y
CONFIG_X86_L1_CACHE_SHIFT=7
CONFIG_RWSEM_GENERIC_SPINLOCK=y
# CONFIG_ARCH_HAS_ILOG2_U32 is not set
# CONFIG_ARCH_HAS_ILOG2_U64 is not set
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_X86_PPRO_FENCE=y
CONFIG_X86_F00F_BUG=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_MINIMUM_CPU_FAMILY=3
CONFIG_HPET_TIMER=y
CONFIG_HPET_EMULATE_RTC=y
# CONFIG_PREEMPT_NONE is not set
CONFIG_PREEMPT_VOLUNTARY=y
# CONFIG_PREEMPT is not set
CONFIG_X86_UP_APIC=y
CONFIG_X86_UP_IOAPIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
CONFIG_X86_MCE=y
CONFIG_X86_MCE_NONFATAL=y
# CONFIG_X86_MCE_P4THERMAL is not set
CONFIG_VM86=y
# CONFIG_TOSHIBA is not set
# CONFIG_I8K is not set
CONFIG_X86_REBOOTFIXUPS=y
# CONFIG_MICROCODE is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
#
# Firmware Drivers
#
# CONFIG_EDD is not set
# CONFIG_DELL_RBU is not set
# CONFIG_DCDBAS is not set
# CONFIG_DMIID is not set
# CONFIG_NOHIGHMEM is not set
CONFIG_HIGHMEM4G=y
# CONFIG_HIGHMEM64G is not set
CONFIG_PAGE_OFFSET=0xC0000000
CONFIG_HIGHMEM=y
CONFIG_ARCH_FLATMEM_ENABLE=y
CONFIG_ARCH_SPARSEMEM_ENABLE=y
CONFIG_ARCH_SELECT_MEMORY_MODEL=y
CONFIG_ARCH_POPULATES_NODE_MAP=y
CONFIG_SELECT_MEMORY_MODEL=y
CONFIG_FLATMEM_MANUAL=y
# CONFIG_DISCONTIGMEM_MANUAL is not set
# CONFIG_SPARSEMEM_MANUAL is not set
CONFIG_FLATMEM=y
CONFIG_FLAT_NODE_MEM_MAP=y
CONFIG_SPARSEMEM_STATIC=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_RESOURCES_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_NR_QUICK=1
CONFIG_VIRT_TO_BUS=y
# CONFIG_HIGHPTE is not set
# CONFIG_MATH_EMULATION is not set
# CONFIG_MTRR is not set
# CONFIG_SECCOMP is not set
# CONFIG_HZ_100 is not set
CONFIG_HZ_250=y
# CONFIG_HZ_300 is not set
# CONFIG_HZ_1000 is not set
CONFIG_HZ=250
# CONFIG_KEXEC is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x200000
# CONFIG_RELOCATABLE is not set
CONFIG_PHYSICAL_ALIGN=0x100000
# CONFIG_COMPAT_VDSO is not set
#
# Rule Set Based Access Control (RSBAC)
#
CONFIG_RSBAC=y
#
# General RSBAC options
#
CONFIG_RSBAC_INIT_THREAD=y
CONFIG_RSBAC_MAX_INIT_TIME=10
CONFIG_RSBAC_PROC=y
CONFIG_RSBAC_INIT_CHECK=y
# CONFIG_RSBAC_NO_WRITE is not set
# CONFIG_RSBAC_MSDOS_WRITE is not set
CONFIG_RSBAC_AUTO_WRITE=5
CONFIG_RSBAC_LIST_MAX_HASHES=128
CONFIG_RSBAC_LIST_CHECK_INTERVAL=1800
CONFIG_RSBAC_LIST_TRANS=y
CONFIG_RSBAC_LIST_TRANS_MAX_TTL=3600
CONFIG_RSBAC_LIST_TRANS_RANDOM_TA=y
CONFIG_RSBAC_FD_CACHE=y
CONFIG_RSBAC_FD_CACHE_TTL=1800
CONFIG_RSBAC_FD_CACHE_MAX_ITEMS=2000
CONFIG_RSBAC_DEBUG=y
CONFIG_RSBAC_DEV_USER_BACKUP=y
CONFIG_RSBAC_SECOFF_UID=666
CONFIG_RSBAC_INIT_DELAY=y
CONFIG_RSBAC_GEN_NR_P_LISTS=4
#
# User Management
#
CONFIG_RSBAC_UM=y
CONFIG_RSBAC_UM_DIGEST=y
CONFIG_RSBAC_UM_USER_MIN=2000
CONFIG_RSBAC_UM_GROUP_MIN=2000
# CONFIG_RSBAC_UM_EXCL is not set
CONFIG_RSBAC_UM_MIN_PASS_LEN=6
CONFIG_RSBAC_UM_NON_ALPHA=y
CONFIG_RSBAC_UM_PWHISTORY=y
CONFIG_RSBAC_UM_PWHISTORY_MAX=8
#
# RSBAC networking options
#
CONFIG_RSBAC_NET=y
CONFIG_RSBAC_NET_DEV=y
CONFIG_RSBAC_NET_DEV_VIRT=y
CONFIG_RSBAC_IND_NETDEV_LOG=y
CONFIG_RSBAC_NET_OBJ=y
CONFIG_RSBAC_NET_OBJ_RW=y
CONFIG_RSBAC_IND_NETOBJ_LOG=y
#
# -------------------------
#
# CONFIG_RSBAC_MAINT is not set
#
# -------------------------
#
#
# Decision module (policy) options
#
# CONFIG_RSBAC_REG is not set
#
# -------------------------
#
CONFIG_RSBAC_AUTH=y
#
# AUTH Policy Options
#
CONFIG_RSBAC_AUTH_AUTH_PROT=y
CONFIG_RSBAC_AUTH_OTHER_PROT=y
CONFIG_RSBAC_AUTH_UM_PROT=y
CONFIG_RSBAC_AUTH_DAC_OWNER=y
# CONFIG_RSBAC_AUTH_ALLOW_SAME is not set
CONFIG_RSBAC_AUTH_GROUP=y
CONFIG_RSBAC_AUTH_DAC_GROUP=y
CONFIG_RSBAC_AUTH_LEARN=y
CONFIG_RSBAC_RC=y
#
# RC Policy Options
#
CONFIG_RSBAC_RC_AUTH_PROT=y
CONFIG_RSBAC_RC_UM_PROT=y
CONFIG_RSBAC_RC_GEN_PROT=y
CONFIG_RSBAC_RC_BACKUP=y
CONFIG_RSBAC_RC_NET_DEV_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_PROT=y
CONFIG_RSBAC_RC_NET_OBJ_UNIX_PROCESS=y
CONFIG_RSBAC_RC_NR_P_LISTS=8
CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE=999999
CONFIG_RSBAC_ACL=y
#
# ACL Policy Options
#
CONFIG_RSBAC_ACL_SUPER_FILTER=y
CONFIG_RSBAC_ACL_AUTH_PROT=y
CONFIG_RSBAC_ACL_UM_PROT=y
CONFIG_RSBAC_ACL_GEN_PROT=y
CONFIG_RSBAC_ACL_BACKUP=y
CONFIG_RSBAC_ACL_LEARN=y
CONFIG_RSBAC_ACL_NET_DEV_PROT=y
CONFIG_RSBAC_ACL_NET_OBJ_PROT=y
# CONFIG_RSBAC_MAC is not set
CONFIG_RSBAC_PAX=y
#
# PAX Policy Options
#
CONFIG_RSBAC_PAX_DEFAULT=y
CONFIG_RSBAC_PAX_PAGEEXEC=y
# CONFIG_RSBAC_PAX_EMUTRAMP is not set
CONFIG_RSBAC_PAX_MPROTECT=y
CONFIG_RSBAC_PAX_RANDMMAP=y
CONFIG_RSBAC_PAX_RANDEXEC=y
CONFIG_RSBAC_PAX_SEGMEXEC=y
# CONFIG_RSBAC_DAZ is not set
CONFIG_RSBAC_CAP=y
#
# CAP Policy Options
#
CONFIG_RSBAC_CAP_PROC_HIDE=y
CONFIG_RSBAC_CAP_AUTH_PROT=y
CONFIG_RSBAC_CAP_LOG_MISSING=y
CONFIG_RSBAC_JAIL=y
#
# JAIL Policy Options
#
CONFIG_RSBAC_JAIL_NET_ADJUST=y
CONFIG_RSBAC_JAIL_NET_DEV_PROT=y
CONFIG_RSBAC_JAIL_NR_P_LISTS=4
CONFIG_RSBAC_JAIL_LOG_MISSING=y
CONFIG_RSBAC_RES=y
# CONFIG_RSBAC_FF is not set
# CONFIG_RSBAC_PM is not set
#
# ----------------
#
#
# Softmode and switching
#
CONFIG_RSBAC_SOFTMODE=y
# CONFIG_RSBAC_SOFTMODE_SYSRQ is not set
CONFIG_RSBAC_SOFTMODE_IND=y
CONFIG_RSBAC_SWITCH=y
CONFIG_RSBAC_SWITCH_ON=y
CONFIG_RSBAC_SWITCH_AUTH=y
CONFIG_RSBAC_SWITCH_RC=y
CONFIG_RSBAC_SWITCH_ACL=y
CONFIG_RSBAC_SWITCH_PAX=y
CONFIG_RSBAC_SWITCH_CAP=y
CONFIG_RSBAC_SWITCH_JAIL=y
CONFIG_RSBAC_SWITCH_RES=y
#
# Logging
#
CONFIG_RSBAC_IND_LOG=y
CONFIG_RSBAC_IND_USER_LOG=y
CONFIG_RSBAC_IND_PROG_LOG=y
CONFIG_RSBAC_LOG_PROGRAM_FILE=y
CONFIG_RSBAC_LOG_FULL_PATH=y
CONFIG_RSBAC_MAX_PATH_LEN=512
# CONFIG_RSBAC_LOG_PSEUDO is not set
CONFIG_RSBAC_SYSLOG_RATE=y
CONFIG_RSBAC_SYSLOG_RATE_DEF=1000
CONFIG_RSBAC_RMSG=y
CONFIG_RSBAC_RMSG_MAXENTRIES=200
CONFIG_RSBAC_RMSG_NOSYSLOG=y
#
# ----------------
#
# CONFIG_RSBAC_LOG_REMOTE is not set
CONFIG_RSBAC_SYM_REDIR=y
CONFIG_RSBAC_SYM_REDIR_REMOTE_IP=y
CONFIG_RSBAC_SYM_REDIR_UID=y
CONFIG_RSBAC_SYM_REDIR_RC=y
# CONFIG_RSBAC_ALLOW_DAC_DISABLE is not set
#
# Other RSBAC options
#
CONFIG_RSBAC_SECDEL=y
CONFIG_RSBAC_RW=y
CONFIG_RSBAC_IPC_SEM=y
CONFIG_RSBAC_DAC_OWNER=y
CONFIG_RSBAC_DAC_GROUP=y
CONFIG_RSBAC_PROC_HIDE=y
CONFIG_RSBAC_FSOBJ_HIDE=y
# CONFIG_RSBAC_FREEZE is not set
CONFIG_RSBAC_SYSLOG=y
CONFIG_RSBAC_IOCTL=y
CONFIG_RSBAC_USER_CHOWN=y
CONFIG_RSBAC_DAT_VISIBLE=y
# CONFIG_RSBAC_NO_DECISION_ON_NETMOUNT is not set
# CONFIG_RSBAC_USER_MOD_IOPERM is not set
CONFIG_RSBAC_FAKE_ROOT_UID=y
CONFIG_RSBAC_XSTATS=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
#
# Power management options (ACPI, APM)
#
# CONFIG_PM is not set
CONFIG_SUSPEND_UP_POSSIBLE=y
CONFIG_HIBERNATION_UP_POSSIBLE=y
#
# CPU Frequency scaling
#
# CONFIG_CPU_FREQ is not set
#
# Bus options (PCI, PCMCIA, EISA, MCA, ISA)
#
CONFIG_PCI=y
# CONFIG_PCI_GOBIOS is not set
# CONFIG_PCI_GOMMCONFIG is not set
# CONFIG_PCI_GODIRECT is not set
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
CONFIG_PCIEPORTBUS=y
CONFIG_PCIEAER=y
CONFIG_ARCH_SUPPORTS_MSI=y
# CONFIG_PCI_MSI is not set
CONFIG_HT_IRQ=y
CONFIG_ISA_DMA_API=y
# CONFIG_ISA is not set
# CONFIG_MCA is not set
# CONFIG_SCx200 is not set
#
# PCCARD (PCMCIA/CardBus) support
#
# CONFIG_PCCARD is not set
# CONFIG_HOTPLUG_PCI is not set
#
# Executable file formats
#
CONFIG_BINFMT_ELF=y
# CONFIG_BINFMT_AOUT is not set
# CONFIG_BINFMT_MISC is not set
#
# Networking
#
CONFIG_NET=y
#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_IP_ROUTE_MULTIPATH is not set
# CONFIG_IP_ROUTE_VERBOSE is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_XFRM_TUNNEL is not set
# CONFIG_INET_TUNNEL is not set
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
# CONFIG_INET_XFRM_MODE_TUNNEL is not set
# CONFIG_INET_XFRM_MODE_BEET is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
# CONFIG_NF_CT_PROTO_SCTP is not set
CONFIG_NF_CT_PROTO_UDPLITE=y
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=y
# CONFIG_NF_CONNTRACK_H323 is not set
CONFIG_NF_CONNTRACK_IRC=y
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NF_CT_NETLINK=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
CONFIG_NETFILTER_XT_TARGET_TRACE=y
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_DSCP=y
CONFIG_NETFILTER_XT_MATCH_ESP=y
CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
CONFIG_NETFILTER_XT_MATCH_SCTP=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_U32=y
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
#
# IP: Netfilter Configuration
#
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
CONFIG_NF_NAT_SNMP_BASIC=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=y
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_SIP is not set
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_TARGET_CLUSTERIP=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set
CONFIG_NET_CLS_ROUTE=y
#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_HAMRADIO is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
# CONFIG_AF_RXRPC is not set
#
# Wireless
#
# CONFIG_CFG80211 is not set
# CONFIG_WIRELESS_EXT is not set
# CONFIG_MAC80211 is not set
# CONFIG_IEEE80211 is not set
# CONFIG_RFKILL is not set
# CONFIG_NET_9P is not set
#
# Device Drivers
#
#
# Generic Driver Options
#
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
# CONFIG_FW_LOADER is not set
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_CONNECTOR is not set
# CONFIG_MTD is not set
# CONFIG_PARPORT is not set
CONFIG_BLK_DEV=y
# CONFIG_BLK_DEV_FD is not set
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_CRYPTOLOOP=y
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_SX8 is not set
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_COUNT=16
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_RAM_BLOCKSIZE=1024
# CONFIG_CDROM_PKTCDVD is not set
# CONFIG_ATA_OVER_ETH is not set
# CONFIG_MISC_DEVICES is not set
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
#
# Please see Documentation/ide.txt for help/info on IDE drives
#
# CONFIG_BLK_DEV_IDE_SATA is not set
# CONFIG_BLK_DEV_HD_IDE is not set
CONFIG_BLK_DEV_IDEDISK=y
CONFIG_IDEDISK_MULTI_MODE=y
CONFIG_BLK_DEV_IDECD=y
# CONFIG_BLK_DEV_IDETAPE is not set
# CONFIG_BLK_DEV_IDEFLOPPY is not set
# CONFIG_BLK_DEV_IDESCSI is not set
# CONFIG_IDE_TASK_IOCTL is not set
CONFIG_IDE_PROC_FS=y
#
# IDE chipset support/bugfixes
#
CONFIG_IDE_GENERIC=y
# CONFIG_BLK_DEV_CMD640 is not set
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_IDEPCI_SHARE_IRQ=y
CONFIG_IDEPCI_PCIBUS_ORDER=y
# CONFIG_BLK_DEV_OFFBOARD is not set
CONFIG_BLK_DEV_GENERIC=y
# CONFIG_BLK_DEV_OPTI621 is not set
# CONFIG_BLK_DEV_RZ1000 is not set
CONFIG_BLK_DEV_IDEDMA_PCI=y
# CONFIG_BLK_DEV_IDEDMA_FORCED is not set
# CONFIG_IDEDMA_ONLYDISK is not set
# CONFIG_BLK_DEV_AEC62XX is not set
# CONFIG_BLK_DEV_ALI15X3 is not set
# CONFIG_BLK_DEV_AMD74XX is not set
# CONFIG_BLK_DEV_ATIIXP is not set
# CONFIG_BLK_DEV_CMD64X is not set
# CONFIG_BLK_DEV_TRIFLEX is not set
# CONFIG_BLK_DEV_CY82C693 is not set
# CONFIG_BLK_DEV_CS5520 is not set
# CONFIG_BLK_DEV_CS5530 is not set
# CONFIG_BLK_DEV_CS5535 is not set
# CONFIG_BLK_DEV_HPT34X is not set
# CONFIG_BLK_DEV_HPT366 is not set
# CONFIG_BLK_DEV_JMICRON is not set
# CONFIG_BLK_DEV_SC1200 is not set
CONFIG_BLK_DEV_PIIX=y
# CONFIG_BLK_DEV_IT8213 is not set
# CONFIG_BLK_DEV_IT821X is not set
# CONFIG_BLK_DEV_NS87415 is not set
# CONFIG_BLK_DEV_PDC202XX_OLD is not set
# CONFIG_BLK_DEV_PDC202XX_NEW is not set
# CONFIG_BLK_DEV_SVWKS is not set
# CONFIG_BLK_DEV_SIIMAGE is not set
# CONFIG_BLK_DEV_SIS5513 is not set
# CONFIG_BLK_DEV_SLC90E66 is not set
# CONFIG_BLK_DEV_TRM290 is not set
# CONFIG_BLK_DEV_VIA82CXXX is not set
# CONFIG_BLK_DEV_TC86C001 is not set
# CONFIG_IDE_ARM is not set
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_IDEDMA_IVB is not set
# CONFIG_BLK_DEV_HD is not set
#
# SCSI device support
#
# CONFIG_RAID_ATTRS is not set
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
# CONFIG_SCSI_TGT is not set
# CONFIG_SCSI_NETLINK is not set
# CONFIG_SCSI_PROC_FS is not set
#
# SCSI support type (disk, tape, CD-ROM)
#
# CONFIG_BLK_DEV_SD is not set
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
# CONFIG_BLK_DEV_SR is not set
# CONFIG_CHR_DEV_SG is not set
# CONFIG_CHR_DEV_SCH is not set
#
# Some SCSI devices (e.g. CD jukebox) support multiple LUNs
#
# CONFIG_SCSI_MULTI_LUN is not set
# CONFIG_SCSI_CONSTANTS is not set
# CONFIG_SCSI_LOGGING is not set
# CONFIG_SCSI_SCAN_ASYNC is not set
#
# SCSI Transports
#
# CONFIG_SCSI_SPI_ATTRS is not set
# CONFIG_SCSI_FC_ATTRS is not set
# CONFIG_SCSI_ISCSI_ATTRS is not set
# CONFIG_SCSI_SAS_LIBSAS is not set
# CONFIG_SCSI_LOWLEVEL is not set
# CONFIG_ATA is not set
CONFIG_MD=y
# CONFIG_BLK_DEV_MD is not set
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_DEBUG is not set
CONFIG_DM_CRYPT=y
CONFIG_DM_SNAPSHOT=y
CONFIG_DM_MIRROR=y
CONFIG_DM_ZERO=y
CONFIG_DM_MULTIPATH=y
# CONFIG_DM_MULTIPATH_EMC is not set
# CONFIG_DM_MULTIPATH_RDAC is not set
# CONFIG_DM_DELAY is not set
#
# Fusion MPT device support
#
# CONFIG_FUSION is not set
# CONFIG_FUSION_SPI is not set
# CONFIG_FUSION_FC is not set
# CONFIG_FUSION_SAS is not set
#
# IEEE 1394 (FireWire) support
#
# CONFIG_FIREWIRE is not set
# CONFIG_IEEE1394 is not set
# CONFIG_I2O is not set
# CONFIG_MACINTOSH_DRIVERS is not set
CONFIG_NETDEVICES=y
# CONFIG_NETDEVICES_MULTIQUEUE is not set
# CONFIG_DUMMY is not set
# CONFIG_BONDING is not set
# CONFIG_MACVLAN is not set
# CONFIG_EQUALIZER is not set
# CONFIG_TUN is not set
# CONFIG_ARCNET is not set
# CONFIG_PHYLIB is not set
CONFIG_NET_ETHERNET=y
CONFIG_MII=y
# CONFIG_HAPPYMEAL is not set
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
# CONFIG_NET_VENDOR_3COM is not set
CONFIG_NET_TULIP=y
# CONFIG_DE2104X is not set
CONFIG_TULIP=y
# CONFIG_TULIP_MWI is not set
# CONFIG_TULIP_MMIO is not set
# CONFIG_TULIP_NAPI is not set
# CONFIG_DE4X5 is not set
# CONFIG_WINBOND_840 is not set
# CONFIG_DM9102 is not set
# CONFIG_ULI526X is not set
# CONFIG_HP100 is not set
CONFIG_NET_PCI=y
CONFIG_PCNET32=y
# CONFIG_PCNET32_NAPI is not set
# CONFIG_AMD8111_ETH is not set
# CONFIG_ADAPTEC_STARFIRE is not set
# CONFIG_B44 is not set
# CONFIG_FORCEDETH is not set
# CONFIG_DGRS is not set
# CONFIG_EEPRO100 is not set
# CONFIG_E100 is not set
# CONFIG_FEALNX is not set
# CONFIG_NATSEMI is not set
# CONFIG_NE2K_PCI is not set
# CONFIG_8139CP is not set
# CONFIG_8139TOO is not set
# CONFIG_SIS900 is not set
# CONFIG_EPIC100 is not set
# CONFIG_SUNDANCE is not set
# CONFIG_TLAN is not set
# CONFIG_VIA_RHINE is not set
# CONFIG_SC92031 is not set
# CONFIG_NETDEV_1000 is not set
# CONFIG_NETDEV_10000 is not set
# CONFIG_TR is not set
#
# Wireless LAN
#
# CONFIG_WLAN_PRE80211 is not set
# CONFIG_WLAN_80211 is not set
# CONFIG_WAN is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
# CONFIG_NET_FC is not set
# CONFIG_SHAPER is not set
CONFIG_NETCONSOLE=y
CONFIG_NETPOLL=y
# CONFIG_NETPOLL_TRAP is not set
CONFIG_NET_POLL_CONTROLLER=y
# CONFIG_ISDN is not set
# CONFIG_PHONE is not set
#
# Input device support
#
CONFIG_INPUT=y
# CONFIG_INPUT_FF_MEMLESS is not set
# CONFIG_INPUT_POLLDEV is not set
#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
# CONFIG_INPUT_JOYDEV is not set
# CONFIG_INPUT_TSDEV is not set
CONFIG_INPUT_EVDEV=y
# CONFIG_INPUT_EVBUG is not set
#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_KEYBOARD_STOWAWAY is not set
# CONFIG_INPUT_MOUSE is not set
# CONFIG_INPUT_JOYSTICK is not set
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set
#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
# CONFIG_SERIO_SERPORT is not set
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_RAW is not set
# CONFIG_GAMEPORT is not set
#
# Character devices
#
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
# CONFIG_VT_HW_CONSOLE_BINDING is not set
# CONFIG_SERIAL_NONSTANDARD is not set
#
# Serial drivers
#
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_NR_UARTS=4
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
# CONFIG_SERIAL_8250_EXTENDED is not set
#
# Non-8250 serial port support
#
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
# CONFIG_SERIAL_JSM is not set
CONFIG_UNIX98_PTYS=y
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=256
# CONFIG_IPMI_HANDLER is not set
# CONFIG_WATCHDOG is not set
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=y
# CONFIG_HW_RANDOM_AMD is not set
# CONFIG_HW_RANDOM_GEODE is not set
# CONFIG_HW_RANDOM_VIA is not set
# CONFIG_NVRAM is not set
CONFIG_RTC=y
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_SONYPI is not set
# CONFIG_AGP is not set
# CONFIG_DRM is not set
# CONFIG_MWAVE is not set
# CONFIG_PC8736x_GPIO is not set
# CONFIG_NSC_GPIO is not set
# CONFIG_CS5535_GPIO is not set
# CONFIG_RAW_DRIVER is not set
# CONFIG_HANGCHECK_TIMER is not set
# CONFIG_TCG_TPM is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
# CONFIG_I2C is not set
#
# SPI support
#
# CONFIG_SPI is not set
# CONFIG_SPI_MASTER is not set
# CONFIG_W1 is not set
# CONFIG_POWER_SUPPLY is not set
# CONFIG_HWMON is not set
#
# Multifunction device drivers
#
# CONFIG_MFD_SM501 is not set
#
# Multimedia devices
#
# CONFIG_VIDEO_DEV is not set
# CONFIG_DVB_CORE is not set
# CONFIG_DAB is not set
#
# Graphics support
#
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
#
# Display device support
#
# CONFIG_DISPLAY_SUPPORT is not set
# CONFIG_VGASTATE is not set
# CONFIG_VIDEO_OUTPUT_CONTROL is not set
# CONFIG_FB is not set
#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
CONFIG_VGACON_SOFT_SCROLLBACK=y
CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=128
CONFIG_VIDEO_SELECT=y
CONFIG_DUMMY_CONSOLE=y
#
# Sound
#
# CONFIG_SOUND is not set
# CONFIG_HID_SUPPORT is not set
# CONFIG_USB_SUPPORT is not set
# CONFIG_MMC is not set
# CONFIG_NEW_LEDS is not set
# CONFIG_INFINIBAND is not set
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
#
# RTC interfaces
#
CONFIG_RTC_INTF_SYSFS=y
CONFIG_RTC_INTF_PROC=y
CONFIG_RTC_INTF_DEV=y
# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set
# CONFIG_RTC_DRV_TEST is not set
#
# SPI RTC drivers
#
#
# Platform RTC drivers
#
CONFIG_RTC_DRV_CMOS=y
# CONFIG_RTC_DRV_DS1553 is not set
# CONFIG_RTC_DRV_STK17TA8 is not set
# CONFIG_RTC_DRV_DS1742 is not set
# CONFIG_RTC_DRV_M48T86 is not set
# CONFIG_RTC_DRV_M48T59 is not set
# CONFIG_RTC_DRV_V3020 is not set
#
# on-CPU RTC drivers
#
#
# DMA Engine support
#
# CONFIG_DMA_ENGINE is not set
#
# DMA Clients
#
#
# DMA Devices
#
# CONFIG_VIRTUALIZATION is not set
#
# Userspace I/O
#
# CONFIG_UIO is not set
#
# File systems
#
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
# CONFIG_EXT2_FS_SECURITY is not set
# CONFIG_EXT2_FS_XIP is not set
CONFIG_EXT3_FS=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
# CONFIG_EXT3_FS_SECURITY is not set
# CONFIG_EXT4DEV_FS is not set
CONFIG_JBD=y
# CONFIG_JBD_DEBUG is not set
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
CONFIG_FS_POSIX_ACL=y
# CONFIG_XFS_FS is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
# CONFIG_MINIX_FS is not set
# CONFIG_ROMFS_FS is not set
# CONFIG_INOTIFY is not set
# CONFIG_QUOTA is not set
CONFIG_DNOTIFY=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
# CONFIG_FUSE_FS is not set
CONFIG_GENERIC_ACL=y
#
# CD-ROM/DVD Filesystems
#
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_UDF_FS=y
CONFIG_UDF_NLS=y
#
# DOS/FAT/NT Filesystems
#
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
CONFIG_FAT_DEFAULT_CODEPAGE=850
CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
CONFIG_NTFS_FS=y
# CONFIG_NTFS_DEBUG is not set
# CONFIG_NTFS_RW is not set
#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_PROC_SYSCTL=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_HUGETLBFS=y
CONFIG_HUGETLB_PAGE=y
CONFIG_RAMFS=y
# CONFIG_CONFIGFS_FS is not set
#
# Miscellaneous filesystems
#
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_CRAMFS is not set
# CONFIG_VXFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
#
# Network File Systems
#
# CONFIG_NFS_FS is not set
# CONFIG_NFSD is not set
# CONFIG_SMB_FS is not set
# CONFIG_CIFS is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
#
# Partition Types
#
# CONFIG_PARTITION_ADVANCED is not set
CONFIG_MSDOS_PARTITION=y
#
# Native Language Support
#
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_CODEPAGE_437=y
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
CONFIG_NLS_CODEPAGE_850=y
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
CONFIG_NLS_ASCII=y
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
CONFIG_NLS_ISO8859_15=y
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
CONFIG_NLS_UTF8=y
#
# Distributed Lock Manager
#
# CONFIG_DLM is not set
# CONFIG_INSTRUMENTATION is not set
#
# Kernel hacking
#
CONFIG_TRACE_IRQFLAGS_SUPPORT=y
# CONFIG_PRINTK_TIME is not set
# CONFIG_ENABLE_MUST_CHECK is not set
# CONFIG_MAGIC_SYSRQ is not set
# CONFIG_UNUSED_SYMBOLS is not set
# CONFIG_DEBUG_FS is not set
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_KERNEL is not set
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_EARLY_PRINTK=y
CONFIG_X86_FIND_SMP_CONFIG=y
CONFIG_X86_MPPARSE=y
CONFIG_DOUBLEFAULT=y
#
# Security options
#
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
# CONFIG_PAX_EI_PAX is not set
# CONFIG_PAX_PT_PAX_FLAGS is not set
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set
CONFIG_CRYPTO=y
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_MANAGER=y
# CONFIG_CRYPTO_HMAC is not set
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_NULL is not set
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
# CONFIG_CRYPTO_WP512 is not set
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_GF128MUL is not set
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_PCBC=y
# CONFIG_CRYPTO_LRW is not set
# CONFIG_CRYPTO_CRYPTD is not set
# CONFIG_CRYPTO_DES is not set
# CONFIG_CRYPTO_FCRYPT is not set
# CONFIG_CRYPTO_BLOWFISH is not set
CONFIG_CRYPTO_TWOFISH=y
CONFIG_CRYPTO_TWOFISH_COMMON=y
CONFIG_CRYPTO_TWOFISH_586=y
CONFIG_CRYPTO_SERPENT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_586=y
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_ARC4 is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_ANUBIS is not set
# CONFIG_CRYPTO_DEFLATE is not set
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_CRC32C is not set
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_HW is not set
#
# Library routines
#
CONFIG_BITREVERSE=y
# CONFIG_CRC_CCITT is not set
# CONFIG_CRC16 is not set
# CONFIG_CRC_ITU_T is not set
CONFIG_CRC32=y
# CONFIG_CRC7 is not set
# CONFIG_LIBCRC32C is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_TEXTSEARCH=y
CONFIG_TEXTSEARCH_KMP=y
CONFIG_TEXTSEARCH_BM=y
CONFIG_TEXTSEARCH_FSM=y
CONFIG_PLIST=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_X86_BIOS_REBOOT=y
CONFIG_KTIME_SCALAR=y
2008/12/21 Sadako <sadako@hamiltonshells.ca>:
>> I have one virtualbox using VT extensions, and runs fine. I have used
>> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
>> and all others on (peMRXS flags) and goes fine (with pageexec does not
>> work, hangs at boot, so I switch segmexec). I think that you shouldn't
>> have any troubles with kvm, if you have some try using virtualbox.
>> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
>> runs fine too and I think is safe. Not hangs at the moment.
>>
>> 2008/12/16 Romain BERGE <romain.berge@gmail.com>:
>>> Hey all,
>>>
>>> I am wondering of using and AMD CPU with the AMD-V.
>>> I wonder of using KVM to virtualise a few Hardened server.
>>>
>>> Someone used already KVM+ Hardened ?
>>>
>>> Working fine ?
>>>
>>> Thanks
>>>
>>> Regards
>>>
>>>
>>
>>
> Do you actually have the virtualbox _host_ running under hardened-sources?
> If so, could you please upload your kernel config somewhere?
>
> I've been trying to do the same, but upon trying to boot a guest (any
> guest) via virtualbox the host box locks up, and I've tried everything I
> can think of, including disabling _all_ grsec and pax options within the
> kernel...
>
>
>
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-21 16:21 ` Sadako
2008-12-21 16:59 ` Javier J. Martínez Cabezón
@ 2008-12-21 17:22 ` Javier J. Martínez Cabezón
2008-12-21 17:35 ` Sadako
2008-12-22 4:34 ` Pavel Labushev
2 siblings, 1 reply; 12+ messages in thread
From: Javier J. Martínez Cabezón @ 2008-12-21 17:22 UTC
To: gentoo-hardened
2008/12/21 Sadako <sadako@hamiltonshells.ca>:
>> I have one virtualbox using VT extensions, and runs fine. I have used
>> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
>> and all others on (peMRXS flags) and goes fine (with pageexec does not
>> work, hangs at boot, so I switch segmexec). I think that you shouldn't
>> have any troubles with kvm, if you have some try using virtualbox.
>> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
>> runs fine too and I think is safe. Not hangs at the moment.
>>
>> 2008/12/16 Romain BERGE <romain.berge@gmail.com>:
>>> Hey all,
>>>
>>> I am wondering of using and AMD CPU with the AMD-V.
>>> I wonder of using KVM to virtualise a few Hardened server.
>>>
>>> Someone used already KVM+ Hardened ?
>>>
>>> Working fine ?
>>>
>>> Thanks
>>>
>>> Regards
>>>
>>>
>>
>>
> Do you actually have the virtualbox _host_ running under hardened-sources?
> If so, could you please upload your kernel config somewhere?
>
> I've been trying to do the same, but upon trying to boot a guest (any
> guest) via virtualbox the host box locks up, and I've tried everything I
> can think of, including disabling _all_ grsec and pax options within the
> kernel...
>
>
>
Are you sure it is related to the host? Why?
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-21 17:22 ` Javier J. Martínez Cabezón
@ 2008-12-21 17:35 ` Sadako
2008-12-21 20:27 ` Romain BERGE
0 siblings, 1 reply; 12+ messages in thread
From: Sadako @ 2008-12-21 17:35 UTC
To: gentoo-hardened
> 2008/12/21 Sadako <sadako@hamiltonshells.ca>:
>>> I have one virtualbox using VT extensions, and runs fine. I have used
>>> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
>>> and all others on (peMRXS flags) and goes fine (with pageexec does not
>>> work, hangs at boot, so I switch segmexec). I think that you shouldn't
>>> have any troubles with kvm, if you have some try using virtualbox.
>>> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
>>> runs fine too and I think is safe. Not hangs at the moment.
>>>
>>> 2008/12/16 Romain BERGE <romain.berge@gmail.com>:
>>>> Hey all,
>>>>
>>>> I am wondering of using and AMD CPU with the AMD-V.
>>>> I wonder of using KVM to virtualise a few Hardened server.
>>>>
>>>> Someone used already KVM+ Hardened ?
>>>>
>>>> Working fine ?
>>>>
>>>> Thanks
>>>>
>>>> Regards
>>>>
>>>>
>>>
>>>
>> Do you actually have the virtualbox _host_ running under
>> hardened-sources?
>> If so, could you please upload your kernel config somewhere?
>>
>> I've been trying to do the same, but upon trying to boot a guest (any
>> guest) via virtualbox the host box locks up, and I've tried everything I
>> can think of, including disabling _all_ grsec and pax options within the
>> kernel...
>>
>>
>>
>
> Are you sure it is related to the host? Why?
>
>
It's the host box which is locking up, and the host which is running
hardened-sources.
Booting the host with gentoo-sources, and it works fine.
I believe others have had the same issue as me, however there is at least
one person who has had it working without any issues, see this fgo thread;
https://forums.gentoo.org/viewtopic-t-713850.html
Unfortunately, that user informed me via PM that he no longer has the
kernel configs he used...
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-21 17:35 ` Sadako
@ 2008-12-21 20:27 ` Romain BERGE
0 siblings, 0 replies; 12+ messages in thread
From: Romain BERGE @ 2008-12-21 20:27 UTC
To: gentoo-hardened
Sadako wrote:
>> 2008/12/21 Sadako <sadako@hamiltonshells.ca>:
>>
>>>> I have one virtualbox using VT extensions, and runs fine. I have used
>>>> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
>>>> and all others on (peMRXS flags) and goes fine (with pageexec does not
>>>> work, hangs at boot, so I switch segmexec). I think that you shouldn't
>>>> have any troubles with kvm, if you have some try using virtualbox.
>>>> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
>>>> runs fine too and I think is safe. Not hangs at the moment.
>>>>
>>>> 2008/12/16 Romain BERGE <romain.berge@gmail.com>:
>>>>
>>>>> Hey all,
>>>>>
>>>>> I am wondering of using and AMD CPU with the AMD-V.
>>>>> I wonder of using KVM to virtualise a few Hardened server.
>>>>>
>>>>> Someone used already KVM+ Hardened ?
>>>>>
>>>>> Working fine ?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>>
>>>>
>>> Do you actually have the virtualbox _host_ running under
>>> hardened-sources?
>>> If so, could you please upload your kernel config somewhere?
>>>
>>> I've been trying to do the same, but upon trying to boot a guest (any
>>> guest) via virtualbox the host box locks up, and I've tried everything I
>>> can think of, including disabling _all_ grsec and pax options within the
>>> kernel...
>>>
>>>
>>>
>>>
>> Are you sure it is related to the host? Why?
>>
>>
>>
> It's the host box which is locking up, and the host which is running
> hardened-sources.
> Booting the host with gentoo-sources, and it works fine.
>
> I believe others have had the same issue as me, however there is at least
> one person who has had it working without any issues, see this fgo thread;
> https://forums.gentoo.org/viewtopic-t-713850.html
>
> Unfortunately, that user informed me via PM that he no longer has the
> kernel configs he used...
>
>
>
The CPU I plan to use also offers the NX bit.
It is used by PaX for the segregation of memory pages.
Thus it avoids having to emulate the NX bit (which slows down the machine).
Does anyone know if the NX bit feature will also be used by my guest
gentoo-hardened?
Or is it limited to the gentoo-hardened host?
Thanks
PS: the question is in fact similar for every CPU feature (like
SSE, SSE2, ...). Are they reachable by the guest OS?
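Added example, not part of the original message: one way to see which CPU features a guest is given is to compare the `flags` line of `/proc/cpuinfo` on the host with the same line inside the guest. The function names and both sample files are constructed for illustration; they do not describe what KVM or VirtualBox actually expose.

```shell
#!/bin/sh
# cpu_flags FILE -> feature flags of the first CPU in FILE, one per line
cpu_flags() {
    awk -F': *' '/^flags[ \t]*:/ {
        n = split($2, f, " ")
        for (i = 1; i <= n; i++) print f[i]
        exit
    }' "$1"
}

# has_flag FILE FLAG -> exit status 0 if FILE advertises FLAG
has_flag() {
    cpu_flags "$1" | grep -qxF -- "$2"
}

# hidden_from_guest HOST_FILE GUEST_FILE FLAG...
#   -> space-separated flags that the host has but the guest does not see
hidden_from_guest() {
    host=$1 guest=$2; shift 2
    out=""
    for flag in "$@"; do
        if has_flag "$host" "$flag" && ! has_flag "$guest" "$flag"; then
            out="${out:+$out }$flag"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed samples (abridged cpuinfo). On real systems, copy
# /proc/cpuinfo from the host and from the guest into two files.
sample_host() {
    cat <<'EOF'
processor : 0
model name : constructed sample host CPU
flags : fpu pae mmx sse sse2 syscall nx lm svm
EOF
}
sample_guest() {
    cat <<'EOF'
processor : 0
model name : constructed sample guest CPU
flags : fpu pae mmx sse sse2 syscall lm
EOF
}

tmp=$(mktemp -d)
sample_host  > "$tmp/host"
sample_guest > "$tmp/guest"
echo "hidden from guest: $(hidden_from_guest "$tmp/host" "$tmp/guest" nx sse sse2 svm)"
rm -rf "$tmp"
```
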
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-21 16:21 ` Sadako
2008-12-21 16:59 ` Javier J. Martínez Cabezón
2008-12-21 17:22 ` Javier J. Martínez Cabezón
@ 2008-12-22 4:34 ` Pavel Labushev
2 siblings, 0 replies; 12+ messages in thread
From: Pavel Labushev @ 2008-12-22 4:34 UTC
To: gentoo-hardened
Sadako wrote:
> Do you actually have the virtualbox _host_ running under hardened-sources?
> If so, could you please upload your kernel config somewhere?
Try the following:
Disable CONFIG_PAX_NOELFRELOCS to compile virtualbox (you can enable it
afterwards to run virtualbox).
Disable CONFIG_PAX_KERNEXEC and CONFIG_PAX_MEMORY_UDEREF to run virtualbox.
Disable V-T/AMD-V for your guests.
It used to work for me with hardened-sources-2.6.25 on Athlon X2 (i386)
until I moved to vmware server (which, by the way, requires just
KERNEXEC to be disabled).
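Added example, not part of the original message: a shell check that reads a kernel `.config` and reports which of the PaX options named in the message above are enabled. The function names are illustrative, and the sample input is an excerpt of the PaX lines from the config posted earlier in this thread.

```shell
#!/bin/sh
# kconfig_state FILE OPTION -> "y", "m", a literal value, "off" or "absent"
#   "off"    : the line "# OPTION is not set" is present
#   "absent" : the option is not mentioned in the file at all
kconfig_state() {
    awk -v opt="$2" '
        index($0, opt "=") == 1       { state = substr($0, length(opt) + 2) }
        $0 == "# " opt " is not set"  { state = "off" }
        END { print (state == "" ? "absent" : state) }' "$1"
}

# Grouping taken from the message above: NOELFRELOCS is named for building
# VirtualBox, KERNEXEC and UDEREF for running it.
BUILD_BLOCKERS="CONFIG_PAX_NOELFRELOCS"
RUN_BLOCKERS="CONFIG_PAX_KERNEXEC CONFIG_PAX_MEMORY_UDEREF"

# enabled_of FILE OPTION... -> space-separated list of the options set to y
enabled_of() {
    file=$1; shift
    out=""
    for opt in "$@"; do
        if [ "$(kconfig_state "$file" "$opt")" = y ]; then
            out="${out:+$out }$opt"
        fi
    done
    printf '%s\n' "$out"
}

# vbox_report FILE -> two-line summary for a host kernel config
vbox_report() {
    printf 'build blockers enabled: %s\n' "$(enabled_of "$1" $BUILD_BLOCKERS)"
    printf 'run blockers enabled:   %s\n' "$(enabled_of "$1" $RUN_BLOCKERS)"
}

# Sample input: PaX lines excerpted from the config posted in this thread.
# CONFIG_PAX_KERNEXEC does not appear in that config at all.
sample_config() {
    cat <<'EOF'
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_SEGMEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
vbox_report "$tmp"
rm -f "$tmp"
```

On a running system, point `vbox_report` at the `.config` in the kernel source tree used for the host.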
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2008-12-16 21:19 [gentoo-hardened] KVM & Gentoo Hardened Romain BERGE
2008-12-21 13:10 ` Javier J. Martínez Cabezón
@ 2009-01-10 6:38 ` RB
2009-01-10 16:07 ` Thomas Sachau
1 sibling, 1 reply; 12+ messages in thread
From: RB @ 2009-01-10 6:38 UTC
To: gentoo-hardened
On Tue, Dec 16, 2008 at 14:19, Romain BERGE <romain.berge@gmail.com> wrote:
> Hey all,
>
> I am wondering of using and AMD CPU with the AMD-V.
> I wonder of using KVM to virtualise a few Hardened server.
>
> Someone used already KVM+ Hardened ?
Anyone else get KVM running on a hardened host? I'm seeing some
issues right now:
- The kvm-82 modules use symbols only in 2.6.28, making it
incompatible with the current hardened-sources:
[ 1584.882179] kvm: Unknown symbol intel_iommu_domain_alloc
[ 1584.882259] kvm: Unknown symbol intel_iommu_detach_dev
[ 1584.882340] kvm: Unknown symbol intel_iommu_page_mapping
[ 1584.882768] kvm: Unknown symbol intel_iommu_context_mapping
[ 1584.882862] kvm: Unknown symbol intel_iommu_iova_to_pfn
[ 1584.883441] kvm: Unknown symbol intel_iommu_domain_exit
- KVM segfaults upon execution against the 2.6.27-hardened-r3; I
haven't debugged it yet, but it may well be tied to the symbol issues
- kqemu starts to compile with gcc-4.3.2-r2 but fails with a
relocation error I'm seeing from several other packages under the new
hardened gcc-4.3.2-r2:
relocation R_X86_64_32 against `a local symbol' can not be used when
making a shared object; recompile with -fPIC
(I've already patched a few packages for these)
- Even after disabling kqemu and switching to gcc-3.x, compiling
qemu-softmmu results in the same error as above.
Rather disappointing, I was hoping to get a hardened profile host
backing my VMs. Guess it's back to a standard profile for a bit.
RB
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2009-01-10 6:38 ` RB
@ 2009-01-10 16:07 ` Thomas Sachau
2009-01-12 18:47 ` RB
0 siblings, 1 reply; 12+ messages in thread
From: Thomas Sachau @ 2009-01-10 16:07 UTC
To: gentoo-hardened
RB wrote:
> On Tue, Dec 16, 2008 at 14:19, Romain BERGE <romain.berge@gmail.com> wrote:
>> Hey all,
>>
>> I am wondering of using and AMD CPU with the AMD-V.
>> I wonder of using KVM to virtualise a few Hardened server.
>>
>> Someone used already KVM+ Hardened ?
>
> Anyone else get KVM running on a hardened host? I'm seeing some
> issues right now:
> - The kvm-82 modules use symbols only in 2.6.28, making it
> incompatible with the current hardened-sources:
> [ 1584.882179] kvm: Unknown symbol intel_iommu_domain_alloc
> [ 1584.882259] kvm: Unknown symbol intel_iommu_detach_dev
> [ 1584.882340] kvm: Unknown symbol intel_iommu_page_mapping
> [ 1584.882768] kvm: Unknown symbol intel_iommu_context_mapping
> [ 1584.882862] kvm: Unknown symbol intel_iommu_iova_to_pfn
> [ 1584.883441] kvm: Unknown symbol intel_iommu_domain_exit
> - KVM segfaults upon execution against the 2.6.27-hardened-r3; I
> haven't debugged it yet, but it may well be tied to the symbol issues
> - kqemu starts to compile with gcc-4.3.2-r2 but fails with a
> relocation error I'm seeing from several other packages under the new
> hardened gcc-4.3.2-r2:
> relocation R_X86_64_32 against `a local symbol' can not be used when
> making a shared object; recompile with -fPIC
> (I've already patched a few packages for these)
> - Even after disabling kqemu and switching to gcc-3.x, compiling
> qemu-softmmu results in the same error as above.
>
> Rather disappointing, I was hoping to get a hardened profile host
> backing my VMs. Guess it's back to a standard profile for a bit.
>
>
> RB
>
>
I have had KVM + hardened toolchain + hardened-sources running without problems for quite some time now.
Probably the main differences:
- I am using the experimental hardened toolchain overlay from Zorry and xake.
- I am using the in-kernel kvm-modules instead of those provided by kvm (compiled in, not as module).
--
Thomas Sachau
Gentoo Linux Developer
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2009-01-10 16:07 ` Thomas Sachau
@ 2009-01-12 18:47 ` RB
2009-01-12 20:43 ` Ned Ludd
0 siblings, 1 reply; 12+ messages in thread
From: RB @ 2009-01-12 18:47 UTC
To: gentoo-hardened
On Sat, Jan 10, 2009 at 09:07, Thomas Sachau <tommy@gentoo.org> wrote:
> RB wrote:
> I have had KVM + hardened toolchain + hardened-sources running without problems for quite some time now.
> Probably the main differences:
> - I am using the experimental hardened toolchain overlay from Zorry and xake.
> - I am using the in-kernel kvm-modules instead of those provided by kvm (compiled in, not as module).
The only real difference, then, is the toolchain - I'm running the
~amd64 (hardened) gcc-4.3.2-r2 from the main tree and the
hardened/linux/amd64/2008.0/server profile on the latest (2.6.27-r3)
hardened-sources.
Can anyone elucidate the difference between the Zorry/xake toolchain
and the one Solar was working on last month?
RB
* Re: [gentoo-hardened] KVM & Gentoo Hardened
2009-01-12 18:47 ` RB
@ 2009-01-12 20:43 ` Ned Ludd
0 siblings, 0 replies; 12+ messages in thread
From: Ned Ludd @ 2009-01-12 20:43 UTC
To: gentoo-hardened
On Mon, 2009-01-12 at 11:47 -0700, RB wrote:
> On Sat, Jan 10, 2009 at 09:07, Thomas Sachau <tommy@gentoo.org> wrote:
> > RB wrote:
> > I have had KVM + hardened toolchain + hardened-sources running without problems for quite some time now.
> > Probably the main differences:
> > - I am using the experimental hardened toolchain overlay from Zorry and xake.
> > - I am using the in-kernel kvm-modules instead of those provided by kvm (compiled in, not as module).
>
> The only real difference, then, is the toolchain - I'm running the
> ~amd64 (hardened) gcc-4.3.2-r2 from the main tree and the
> hardened/linux/amd64/2008.0/server profile on the latest (2.6.27-r3)
> hardened-sources.
>
> Can anyone elucidate the difference between the Zorry/xake toolchain
> and the one Solar was working on last month?
There is no "by default" SSP support in what's in the main tree at this
point. gengor will be working with Zorry over time to get that SSP
implementation tree-worthy.
--
Ned Ludd <solar@gentoo.org>
Gentoo Linux
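Added example, not part of the original message: whether a given gcc turns on SSP or PIE by default shows up in its predefined macros (`__SSP__`, `__SSP_ALL__`, `__PIE__`), which can be dumped with `cc -dM -E -x c /dev/null` and compared between two toolchains. The function names and the two macro dumps below are constructed for illustration.

```shell
#!/bin/sh
# hardening_defaults: read a predefined-macro dump on stdin and summarise
# which hardening features the compiler enabled without being asked.
hardening_defaults() {
    awk '
        $1 != "#define"        { next }
        $2 == "__SSP__"        { ssp = "on" }      # -fstack-protector
        $2 == "__SSP_STRONG__" { ssp = "strong" }  # -fstack-protector-strong
        $2 == "__SSP_ALL__"    { ssp = "all" }     # -fstack-protector-all
        $2 == "__PIE__"        { pie = "yes" }     # -fpie / -fPIE
        END {
            printf "ssp=%s pie=%s\n", (ssp == "" ? "off" : ssp), (pie == "" ? "no" : pie)
        }'
}

# probe_cc CC: dump the macros of a real compiler, passing no hardening
# flags, so that only its built-in defaults (specs) are visible.
probe_cc() {
    "$1" -dM -E -x c /dev/null 2>/dev/null | hardening_defaults
}

# Constructed, abridged dumps: a compiler without hardening defaults and
# one whose defaults enable SSP and PIE.
plain_dump() {
    printf '%s\n' '#define __GNUC__ 4' '#define __x86_64__ 1'
}
hardened_dump() {
    printf '%s\n' '#define __GNUC__ 4' '#define __SSP__ 1' \
                  '#define __PIC__ 2' '#define __PIE__ 2'
}

echo "plain:    $(plain_dump | hardening_defaults)"
echo "hardened: $(hardened_dump | hardening_defaults)"
if command -v cc >/dev/null 2>&1; then
    echo "local cc: $(probe_cc cc)"
fi
```
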