* [gentoo-hardened] kvm on hardened (findings)
@ 2010-11-10 18:51 Matthew Thode
2010-11-11 11:57 ` Anthony G. Basile
0 siblings, 1 reply; 2+ messages in thread
From: Matthew Thode @ 2010-11-10 18:51 UTC (permalink / raw
To: gentoo-hardened
[-- Attachment #1: Type: text/plain, Size: 253 bytes --]
Disable kernexec and uderef on host for both AMD and Intel.
You can enable kernexec and uderef on AMD guests.
You can enable kernexec but not uderef on Intel guests.
The intel processors tested were the core2duo, i3 and i7.
-- prometheanfire
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [gentoo-hardened] kvm on hardened (findings)
2010-11-10 18:51 [gentoo-hardened] kvm on hardened (findings) Matthew Thode
@ 2010-11-11 11:57 ` Anthony G. Basile
0 siblings, 0 replies; 2+ messages in thread
From: Anthony G. Basile @ 2010-11-11 11:57 UTC (permalink / raw
To: gentoo-hardened
On 11/10/2010 01:51 PM, Matthew Thode wrote:
> Disable kernexec and uderef on host for both AMD and Intel.
> You can enable kernexec and uderef on AMD guests.
> You can enable kernexec but not uderef on Intel guests.
>
> The intel processors tested were the core2duo, i3 and i7.
>
> -- prometheanfire
>
Thanks for that info, it should go into the documentation I'm writing on
hardened+virt. I only tested the amd guests and assumed it was the same
for intel.
--
Anthony G. Basile, Ph.D.
Gentoo Developer
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-11-11 12:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-10 18:51 [gentoo-hardened] kvm on hardened (findings) Matthew Thode
2010-11-11 11:57 ` Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox