[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Hardened Xen

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Brad Plant <bplant@xxxxxxxxxxxxxx>
Date: Mon, 18 Dec 2006 21:01:02 +1100
Cc: Alexander@xxxxxxxxxxxx
Delivery-date: Mon, 18 Dec 2006 02:01:43 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

On Mon, 18 Dec 2006 10:55:26 +0100
Alexander Thiem <Alexander@xxxxxxxxxxxx> wrote:

> And another question...
> 
> I did not found anything on a working kernel with grsecurity/pax and
> xen patches at the same time.
> So what about using a hardened kernel in the domU while using a
> normal kernel in dom0 - does this make any sense?
> The dom0 will only be used to operate the guests - and nothing more. 
> Will this be only placebo security?

Try the attached. I've been running this patch for over a month on
both domU and dom0. paxtest indicates that PaX is working, but I haven't
tried to enable the RBAC system though. The patch was for 2.6.16.29,
but it might apply to a later 2.6.16 kernel. I just haven't tried.

Cheers,

Brad

Attachment: grsec-2.1.9-2.6.16.29-xen-3.0.3.patch.gz
Description: GNU Zip compressed data

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Follow-Ups:
- Re: [Xen-users] Hardened Xen
  - From: Alexander Thiem

References:
- [Xen-users] Hardened Xen
  - From: Alexander Thiem

Prev by Date: Re: [Xen-users] 64 or 32 bit dom0?
Next by Date: Re: [Xen-users] Hardened Xen
Previous by thread: [Xen-users] Hardened Xen
Next by thread: Re: [Xen-users] Hardened Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.