From: Yiannis <yiannis@tolises.homeunix.org>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] virtualization with gentoo hardened
Date: Sun, 9 Aug 2009 22:59:29 +0300
Message-ID: <20090809225929.3f93dca0@mpismpirikos.tolises.homeunix.org>
In-Reply-To: <1249845901.4090.12.camel@karmic>

On Sun, 09 Aug 2009 15:25:01 -0400
basile <basile@opensource.dyc.edu> wrote:
> On Sat, 2009-08-08 at 21:55 +0300, Yiannis wrote:
> > On Sat, 08 Aug 2009 14:39:54 -0400
> > basile <basile@opensource.dyc.edu> wrote:
> >
> > > Yiannis wrote:
> > > > Hello,
> > > >
> > > > I am running hardened gentoo with the toolchain provided by the
> > > > xake-toolchain overlay. I am looking for a way to use
> > > > virtualization with my current config. I am aware of
> > > > linux-vserver project which has grsecurity integration, but as
> > > > far as I remember does not play well with rbac. Anyone that has
> > > > a similar working config?
> > > >
> > > > Regards
> > > >
> > > > Yiannis
> > > >
> > > I run both i686 and amd64 as xen guests with the xake-toolchain
> > > overlay and kernel hardened with grsec. Is this what you want?
> > >
> >
> > If host's kernel is hardened then yes this is the case. Are you
> > running pax+grsec in both host and guest os?
>
> No sorry, neither the kernel nor toolchain of the host are hardened.
> I've never tried to harden a xen host, and I'm not sure what the
> issues would be.
>
>
So, if I get it right, you are using xen-sources as a host and
hardened-sources (pax+grsec) on the guest. If that is the case, do you
know if it is possible to run this setup on a machine without vmx?
I see that all the ebuilds from the main tree are masked. Are you using
xen-sources from the overlay?
How secure is this setup considered? I mean, having the host OS
(xen-sources) only for running some instances of hardened-gentoo as
guests, is it the same (almost?) as running them on separate physical
PCs?