From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1MZtyp-0004AL-Mp for garchives@archives.gentoo.org; Sat, 08 Aug 2009 22:01:35 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F2020E02A5; Sat, 8 Aug 2009 22:01:32 +0000 (UTC) Received: from mail-bw0-f227.google.com (mail-bw0-f227.google.com [209.85.218.227]) by pigeon.gentoo.org (Postfix) with ESMTP id AD4A7E02A6 for ; Sat, 8 Aug 2009 22:01:32 +0000 (UTC) Received: by bwz27 with SMTP id 27so1967442bwz.34 for ; Sat, 08 Aug 2009 15:01:32 -0700 (PDT) Received: by 10.103.189.8 with SMTP id r8mr1173460mup.11.1249768891978; Sat, 08 Aug 2009 15:01:31 -0700 (PDT) Received: from mpismpirikos.tolises.homeunix.org (dsl-88-218-75-40.customers.vivodi.gr [88.218.75.40]) by mx.google.com with ESMTPS id e10sm12221397muf.44.2009.08.08.15.01.31 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 08 Aug 2009 15:01:31 -0700 (PDT) Date: Sun, 9 Aug 2009 01:01:25 +0300 From: Yiannis To: gentoo-hardened@lists.gentoo.org Subject: Re: [gentoo-hardened] virtualization with gentoo hardened Message-ID: <20090809010125.09b66d72@mpismpirikos.tolises.homeunix.org> In-Reply-To: <4A7DD1CA.7090209@orlitzky.com> References: <20090808213543.260ad68f@mpismpirikos.tolises.homeunix.org> <4A7DD1CA.7090209@orlitzky.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: 2f21630f-6a01-41b3-9707-ce6c5eab3847 X-Archives-Hash: 3b5d7ee81b4ff6df1e64b33b2e52d234 On Sat, 08 Aug 2009 15:28:10 -0400 Michael Orlitzky wrote: > Yiannis wrote: > > Hello, > > > > I am running hardened gentoo with the toolchain provided by the > > xake-toolchain overlay. I am looking for a way to use virtualization > > with my current config. I am aware of linux-vserver project which > > has grsecurity integration, but as far as I remember does not play > > well with rbac. Anyone that has a similar working config? > > I'm using KVM here under a similar setup with few issues. > Occasionally the modules that ship with KVM will get out of sync with > the ones provided by the hardened kernel, but that hasn't caused me > any trouble in a while. And you can always use the modules that ship > with KVM. kvm is not for me since I am running gentoo on a via vb7001 and on older intel hardware without vt support.