[grsec] grsec + xen or openvz
Sandino Araico Sánchez
sandino at sandino.net
Fri Apr 6 12:42:10 EDT 2007
Adam Majer wrote:
> Bernd Zeimetz wrote:
>
>> did anybody try to apply grsec to a xen or openVZ kernel lately?
>>
>> If so, does the kernel and virtualization work well?
>>
>
> It probably works much better with something like KVM or similar full
> virtualization solution instead of the more intrusive solutions like Xen
> or OpenVZ.
>
> I know that it works with linux vserver, but I guess that is not really
> virtualization more of a special chroot.
>
Linux-vserver is not virtualization but openVZ is neither. They are both
based on kernel-based process isolation.
I have never tried to patch openVZ kernels with grsec but patching
vanilla kernels with grsec and linux-vserver is easy.
Here's the grsec + vserver patch announced in the linux-vserver site:
http://people.linux-vserver.org/~harry/patch-2.6.19.7-vs2.2.0-grsec2.1.10-20070402.diff
It's not signed I don't know why. Perhaps harry is not interested in
signing his patches....
> - Adam
>
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>
--
Sandino Araico Sa'nchez
edce71952773051c884f6a49cc194445 8a3ac99fbf88d0c58677ffd9706081bb5471b756
2bc1ad9b84e28ba8725ee0008c80a7f0 5945bcf00844d5a421f7b66e3c5c28467e48f2bc
--
2d188949024d886941f4dff4f500918d 510f47aeec377edb804439a0dae774b9d94269b9
0732340cb5d7e7e456e091f11ae3dcb1 f78a9751c2b8f4af0b56f9f175f20172c2c38847
More information about the grsecurity
mailing list