| 1 |
On 09/17/14 08:04, Marcin Mirosław wrote: |
| 2 |
> W dniu 16.09.2014 o 14:34, "Tóth Attila" pisze: |
| 3 |
>> 2014.Szeptember 16.(K) 11:05 időpontban Marcin Mirosław ezt írta: |
| 4 |
>>> A few days ago I boot KVM host with hardened kernel. After some time I |
| 5 |
>>> noticed that usb passthrough from host to kvm guest doesn't work. Simply |
| 6 |
>>> sayoing guest didn't seen any usb device. After switching kernel on host |
| 7 |
>>> to gentoo-sources-{3.14.14,3.16.2} usb-passthrough works as I expect. I |
| 8 |
>>> didn't any related information in logs. |
| 9 |
>>> Does libvirt or grsec need special configuration to have such feature |
| 10 |
>>> working? |
| 11 |
>> |
| 12 |
>> I don't use KVM or libvirt, but I would suggest to check out your grsec |
| 13 |
>> logs for denials. |
| 14 |
>> Also there is a new capability introduced not so long ago: |
| 15 |
>> CAP_BLOCK_SUSPEND |
| 16 |
>> Some daemons and executables may complain - but in my case were |
| 17 |
>> functioning properly anyways. May be not related to your problem. |
| 18 |
> |
| 19 |
> Hi! |
| 20 |
> I don't use RBAC nor in kernel.log nor in dmesg nor in libvirt log I |
| 21 |
> didn't see any suspicious entries. |
| 22 |
> Regards, |
| 23 |
> Marcin |
| 24 |
> |
| 25 |
|
| 26 |
Was there an earlier version of hardened-sources which *did* work? |
| 27 |
|
| 28 |
Also, trust the menu options under grsecurity in Kconfig where it says |
| 29 |
virtualization etc etc. Some options are too strict for a virt |
| 30 |
environment. Having said that, though, if usb is the only thing not |
| 31 |
working, I suspect that maybe its some misconfiguration in the |
| 32 |
host/client Kconfigs for kvm not related to hardened. |
| 33 |
|
| 34 |
-- |
| 35 |
Anthony G. Basile, Ph. D. |
| 36 |
Chair of Information Technology |
| 37 |
D'Youville College |
| 38 |
Buffalo, NY 14201 |
| 39 |
(716) 829-8197 |
Archives