From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1MZr4r-0004zD-M9 for garchives@archives.gentoo.org; Sat, 08 Aug 2009 18:55:38 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B28ABE0595; Sat, 8 Aug 2009 18:55:36 +0000 (UTC) Received: from mail-fx0-f218.google.com (mail-fx0-f218.google.com [209.85.220.218]) by pigeon.gentoo.org (Postfix) with ESMTP id 77BADE0595 for ; Sat, 8 Aug 2009 18:55:36 +0000 (UTC) Received: by fxm18 with SMTP id 18so2211123fxm.14 for ; Sat, 08 Aug 2009 11:55:36 -0700 (PDT) Received: by 10.204.103.203 with SMTP id l11mr4010435bko.199.1249757735761; Sat, 08 Aug 2009 11:55:35 -0700 (PDT) Received: from mpismpirikos.tolises.homeunix.org (dsl-88-218-71-178.customers.vivodi.gr [88.218.71.178]) by mx.google.com with ESMTPS id c28sm4385594fka.49.2009.08.08.11.55.34 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 08 Aug 2009 11:55:35 -0700 (PDT) Date: Sat, 8 Aug 2009 21:55:31 +0300 From: Yiannis To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] virtualization with gentoo hardened Message-ID: <20090808215531.47a1e2a7@mpismpirikos.tolises.homeunix.org> In-Reply-To: <4A7DC67A.3070006@opensource.dyc.edu> References: <20090808213543.260ad68f@mpismpirikos.tolises.homeunix.org> <4A7DC67A.3070006@opensource.dyc.edu> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: 70db0ae4-8040-4e27-a074-effb1781eed7 X-Archives-Hash: db5068b77189f3a72507a8f831e1fbb3 On Sat, 08 Aug 2009 14:39:54 -0400 basile wrote: > Yiannis wrote: > > Hello, > > > > I am running hardened gentoo with the toolchain provided by the > > xake-toolchain overlay. I am looking for a way to use virtualization > > with my current config. I am aware of linux-vserver project which > > has grsecurity integration, but as far as I remember does not play > > well with rbac. Anyone that has a similar working config? > > > > Regards > > > > Yiannis > > > I run both i686 and amd64 as xen guests with the xake-toolchain > overlay and kernel hardened with grsec. Is this what you want? > If host's kernel is hardened then yes this is the case. Are you running pax+grsec in both host and guest os?