Just trying to get my head around some notes on the gentoo list about hardened kernels. Some notes that I have seen suggest that xen does not currently "work" with grsec in the guest kernels? If not, then does the xen patchset currently apply "cleanly" to the hardened patchset? The motivation is that right now there are a few ways to harden a machine, including splitting services via vserver/xen, etc or hardening via grsec, selinux, etc. It would be nice to be able to combine these to get the best of both approaches and not have to choose. FWIW: I did do a manual merge of the vserver and grsec patchsets, but I am not totally happy that the end result necessarily does what you would expect... Ed W ------------------------------------------------------- This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005 Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows Embedded(r) & Windows Mobile(tm) platforms, applications & content. Register by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel
On Thu, 24 Mar 2005, Ed W wrote:> The motivation is that right now there are a few ways to harden a > machine, including splitting services via vserver/xen, etc or hardening > via grsec, selinux, etc. It would be nice to be able to combine these > to get the best of both approaches and not have to choose.I''m not sure if grsec has been ported yet, but in the Fedora Xen kernel I have both selinux and exec-shield working. -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan ------------------------------------------------------- This SF.net email is sponsored by Microsoft Mobile & Embedded DevCon 2005 Attend MEDC 2005 May 9-12 in Vegas. Learn more about the latest Windows Embedded(r) & Windows Mobile(tm) platforms, applications & content. Register by 3/29 & save $300 http://ads.osdn.com/?ad_id=6883&alloc_id=15149&op=click _______________________________________________ Xen-devel mailing list Xen-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xen-devel