Applying Brad''s patch directly to the kernel doesn''t work,
since Xen
then overwrites several of the patched files with it''s own versions.
I''m working on porting Brad''s patch to Xen. Currently only
X86-64
paravirutualized guests work. i386 still needs a little work before it
will boot.
I have a thread on the grsecurity forums that links to the patches as
well as instructions on applying them. The grsec forums seem to be down
right now.
Let me know if you try to use this and if you have any luck. Also, if
you do use x86_64 and try this out, please get the paxtest suite from
the PAX team homepage and mail me the output of "paxtest blackhat".
It''s all development, so don''t use it in production anywhere!
Good luck
-----Original Message-----
From: xen-users-bounces@lists.xensource.com
[mailto:xen-users-bounces@lists.xensource.com] On Behalf Of Ugo PARSI
Sent: Thursday, June 29, 2006 4:06 PM
To: xen-users@lists.xensource.com
Subject: [Xen-users] Xen with Grsecurity
Hello,
Has someone ever tried matching Xen and Grsecurity ?
It''s a security patch for the linux kernel that I really appreciate...
I could try to apply it on the Xen kernel, but I''m kinda scared that
it could break a few things.
Especially since Xen (in para-virtualization mode at least) is doing
stuff with the memory / MMU and Grsecurity as far as I know is also
doing stuff on the memory...
So I don''t know if it''s ''safe'' to use...
Any feedback would be greatly appreciated :)
Thanks a lot,
Ugo PARSI
--
An apple a day, keeps the doctor away
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users