On 01/15/2012 08:36 AM, Tanstaafl wrote:

> > Virtualization is iffy if you're not careful which options you enable in
> > the kernel.
>
> I've been meaning to ask a similar (but reverse) question - which I'll do
> in a separate thread later, but...
>
> Your reference to 'virtualization is iffy' above... do you mean if you
> are going to run VMs on a hardened HOST? Or run a hardened machine as a
> VM? I had a problem trying to switch my Linode VM to the hardened
> profile, and ended up giving up on it...


I was talking about a hardened host. Fortunately, newer kernels will have a preset "virtualization" profile that you can select to set only the safe options. See this thread for the announcement:

http://archives.gentoo.org/gentoo-hardened/msg_4bfe02921ffff3c94d7ee59cdf8f3f38.xml

I personally have never run a hardened guest, but in that post he alludes to the fact there may also be issues there, "...but in some cases applies even for the guest."

In either case, you would want to stick to the stable kernels, since new problems do crop up occasionally as new features are introduced.
