On Sun, 09 Aug 2009 15:25:01 -0400 basile <bas...@opensource.dyc.edu> wrote:
> On Sat, 2009-08-08 at 21:55 +0300, Yiannis wrote: > > On Sat, 08 Aug 2009 14:39:54 -0400 > > basile <bas...@opensource.dyc.edu> wrote: > > > > > Yiannis wrote: > > > > Hello, > > > > > > > > I am running hardened gentoo with the toolchain provided by the > > > > xake-toolchain overlay. I am looking for a way to use > > > > virtualization with my current config. I am aware of > > > > linux-vserver project which has grsecurity integration, but as > > > > far as I remember does not play well with rbac. Anyone that has > > > > a similar working config? > > > > > > > > Regards > > > > > > > > Yiannis > > > > > > > I run both i686 and amd64 as xen guests with the xake-toolchain > > > overlay and kernel hardened with grsec. Is this what you want? > > > > > > > If host's kernel is hardened then yes this is the case. Are you > > running pax+grsec in both host and guest os? > > No sorry, neither the kernel nor toolchain of the host are hardened. > I've never tried to harden a xen host, and I'm not sure what the > issues would be. > > So, if I get it right you are using xen-sources as a host and hardened-sources(pax+grsec) on guest. If it is the case do you know if it is possible to run this setup on a machine without vmx? I see that all the ebuilds from the main tree are masked. Are you using xen-sources from the overlay? How secure is this setup considered? I mean having the host os(xen-souces) only for running some instances of hardened-gentoo as guests is it the same(almost?) as running them on seperate physical pc's?
