>Let me think - you refer to the SKAS3 patch merged with grsec? > > > No, i was not able to apply both, skas and grsec, so i used gentoo-sources-2.6.12-r10 patched with skas3, no grsec.
>I looked into this time ago on request, after somebody posted a merge, but I >deadlocked on a problem for conceptually proper handling of some per-process >settings. > >However, I remember that probably the concern wouldn't be triggered in >practice by UML usage, and that possibly it was more theoretical than >practical. So it may go on my TODO list, but it's very long. > >Instead, another possibility is the use of SELinux - I say that because >Antoine Martin some time ago has written a SELinux policy and possibly he's >going to share that, on request, after some tidyup (that's possibly needed). > > SELinux is on my tolearn-list since a while, yet, but no time at the moment... but an entry on wiki about SELinux would be great, that's no question :) doesn't have to be beautiful, just somehow readable */me grin to Antoine* >>if there's anything i can do to help resolve this please let me know and >>i'll do what i can, because i think it would be a great thing to let uml >>run on hardened systems. >> >> > >Ok, let's focus on what's interesting - since a host crash is due to the host >kernel, let's focus on that and do differential analysis. > > good to know, as i was not sure we're to start at all >You have a > >*) 2.6.12 (the bug could have been fixed) > > >*) with SKAS (it may be at fault) > > too insecure, so isn't really an option >*) compiled with hardened toolchain (you may have discovered a >miscompilation). > > >I suggest trying to change these things in this order... > > will do so over the weekend and report my results greets, chris ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ User-mode-linux-user mailing list User-mode-linux-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
