And another question... I did not found anything on a working kernel with grsecurity/pax and xen patches at the same time. So what about using a hardened kernel in the domU while using a normal kernel in dom0 - does this make any sense? The dom0 will only be used to operate the guests - and nothing more. Will this be only placebo security? _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, 18 Dec 2006 10:55:26 +0100 Alexander Thiem <Alexander@Thiem-net.de> wrote:> And another question... > > I did not found anything on a working kernel with grsecurity/pax and > xen patches at the same time. > So what about using a hardened kernel in the domU while using a > normal kernel in dom0 - does this make any sense? > The dom0 will only be used to operate the guests - and nothing more. > Will this be only placebo security?Try the attached. I''ve been running this patch for over a month on both domU and dom0. paxtest indicates that PaX is working, but I haven''t tried to enable the RBAC system though. The patch was for 2.6.16.29, but it might apply to a later 2.6.16 kernel. I just haven''t tried. Cheers, Brad _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Brad Plant wrote:> The patch was for 2.6.16.29, > but it might apply to a later 2.6.16 kernel. I just haven''t tried.There are no newer xen kernel than 2.6.16.x, right? _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Mon, 18 Dec 2006 11:09:37 +0100 Alexander Thiem <Alexander@Thiem-net.de> wrote:> Brad Plant wrote: > > The patch was for 2.6.16.29, > > but it might apply to a later 2.6.16 kernel. I just haven''t tried. > > There are no newer xen kernel than 2.6.16.x, right?The xen devs release a patch for the 2.6.16 series, but some distros (Redhat and Debian that I know of) have ported it to 2.6.18. Cheers, Brad _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users