Date: Sun, 21 Dec 2008 17:35:56 -0000 (GMT)
Subject: Re: [gentoo-hardened] KVM & Gentoo Hardened
From: "Sadako"
To: gentoo-hardened@lists.gentoo.org

> 2008/12/21 Sadako :
>>> I have one virtualbox using VT extensions, and runs fine. I have used
>>> PaX in the guest with rsbac 1.3.7 and the noexec based on segmentation
>>> and all others on (peMRXS flags) and goes fine (with pageexec does not
>>> work, hangs at boot, so I switch segmexec). I think that you shouldn't
>>> have any troubles with kvm, if you have some try using virtualbox.
>>> I added -D_FORTIFY_SOURCE=2 to the cflags in make.conf compilation, it
>>> runs fine too and I think is safe. Not hangs at the moment.
>>>
>>> 2008/12/16 Romain BERGE :
>>>> Hey all,
>>>>
>>>> I am wondering of using and AMD CPU with the AMD-V.
>>>> I wonder of using KVM to virtualise a few Hardened server.
>>>>
>>>> Someone used already KVM+ Hardened ?
>>>>
>>>> Working fine ?
>>>>
>>>> Thanks
>>>>
>>>> Regards
>>>>
>>>>
>>>
>>>
>> Do you actually have the virtualbox _host_ running under
>> hardened-sources?
>> If so, could you please upload your kernel config somewhere?
>>
>> I've been trying to do the same, but upon trying to boot a guest (any
>> guest) via virtualbox the host box locks up, and I've tried everything I
>> can think of, including disabling _all_ grsec and pax options within the
>> kernel...
>>
>>
>>
>
> Are you sure is related to the host?. Why?.
>
>

It's the host box which is locking up, and the host which is running
hardened-sources.
Booting the host with gentoo-sources, and it works fine.

I believe others have had the same issue as me, however there is at least
one person who has had it working without any issues, see this fgo thread;
https://forums.gentoo.org/viewtopic-t-713850.html

Unfortunately, that user informed me via PM that he no longer has the
kernel configs he used...