1 |
On 09/17/14 08:04, Marcin Mirosław wrote: |
2 |
> W dniu 16.09.2014 o 14:34, "Tóth Attila" pisze: |
3 |
>> 2014.Szeptember 16.(K) 11:05 időpontban Marcin Mirosław ezt írta: |
4 |
>>> A few days ago I boot KVM host with hardened kernel. After some time I |
5 |
>>> noticed that usb passthrough from host to kvm guest doesn't work. Simply |
6 |
>>> sayoing guest didn't seen any usb device. After switching kernel on host |
7 |
>>> to gentoo-sources-{3.14.14,3.16.2} usb-passthrough works as I expect. I |
8 |
>>> didn't any related information in logs. |
9 |
>>> Does libvirt or grsec need special configuration to have such feature |
10 |
>>> working? |
11 |
>> |
12 |
>> I don't use KVM or libvirt, but I would suggest to check out your grsec |
13 |
>> logs for denials. |
14 |
>> Also there is a new capability introduced not so long ago: |
15 |
>> CAP_BLOCK_SUSPEND |
16 |
>> Some daemons and executables may complain - but in my case were |
17 |
>> functioning properly anyways. May be not related to your problem. |
18 |
> |
19 |
> Hi! |
20 |
> I don't use RBAC nor in kernel.log nor in dmesg nor in libvirt log I |
21 |
> didn't see any suspicious entries. |
22 |
> Regards, |
23 |
> Marcin |
24 |
> |
25 |
|
26 |
Was there an earlier version of hardened-sources which *did* work? |
27 |
|
28 |
Also, trust the menu options under grsecurity in Kconfig where it says |
29 |
virtualization etc etc. Some options are too strict for a virt |
30 |
environment. Having said that, though, if usb is the only thing not |
31 |
working, I suspect that maybe its some misconfiguration in the |
32 |
host/client Kconfigs for kvm not related to hardened. |
33 |
|
34 |
-- |
35 |
Anthony G. Basile, Ph. D. |
36 |
Chair of Information Technology |
37 |
D'Youville College |
38 |
Buffalo, NY 14201 |
39 |
(716) 829-8197 |