[grsec] virtualisation with grsecurity

John Anderson johnha at ccbill.com
Thu Aug 24 22:09:48 EDT 2006


>After looking at some alternatives, xen and openvz or its commercial 
>counterpart virtuozzo seemed to be the most useful projects. As far as I 
>understood the ML-archive/forums, there was already someone working on 
>getting xen and grsecurity to work but only on AMD64 and finally stopped 
>until xen gets into the kernel (whenever that will be ;-) ). 

I've worked on it on and off, but I still can't seem to get i386 working w/ Xen.  I'm running GRSecurity 2.1.9 and Xen 3.0.2-testing in production and they are doing quite well and are stable.


>On the other 
>hand I already found some people trying to patch openvz and pax/grsecurity 
>into one hardened kernel. Will this work in the future? The PAX-team wrote 
>into the forums, they are only supporting the current kernel while openvz 
>wants to keep some stable one and only changes it quite infrequently.

Locking yourself into an oh-so-soon antiquated kernel could hurt future flexibility.  Things like clustered file systems, new breeds of device drivers, etc. may not be available in the ol' faithful stable kernel for quite some time. Not to mention some features that might be quite useful and cost saving but have yet to be thought up.

