Subject: Re: [gentoo-hardened] virtualization with gentoo hardened
From: basile
To: gentoo-hardened@lists.gentoo.org
In-Reply-To: <20090808215531.47a1e2a7@mpismpirikos.tolises.homeunix.org>
Date: Sun, 09 Aug 2009 15:25:01 -0400
Message-Id: <1249845901.4090.12.camel@karmic>

On Sat, 2009-08-08 at 21:55 +0300, Yiannis wrote:
> On Sat, 08 Aug 2009 14:39:54 -0400
> basile wrote:
>
> > Yiannis wrote:
> > > Hello,
> > >
> > > I am running hardened gentoo with the toolchain provided by the
> > > xake-toolchain overlay. I am looking for a way to use virtualization
> > > with my current config. I am aware of linux-vserver project which
> > > has grsecurity integration, but as far as I remember does not play
> > > well with rbac. Anyone that has a similar working config?
> > >
> > > Regards
> > >
> > > Yiannis
> > >
> > I run both i686 and amd64 as xen guests with the xake-toolchain
> > overlay and kernel hardened with grsec. Is this what you want?
> >
>
> If host's kernel is hardened then yes this is the case. Are you running
> pax+grsec in both host and guest os?

No sorry, neither the kernel nor toolchain of the host are hardened.
I've never tried to harden a xen host, and I'm not sure what the issues
would be.