| 1 |
G'day Andreas, |
| 2 |
|
| 3 |
Andreas Philipp wrote: |
| 4 |
> My server is already running xen-3.0.2 with a 64bit system in dom0. Now |
| 5 |
> I'm planning to build a domU (modified guest to export the "external" |
| 6 |
> ethernet interface to it) for an externally facing apache server. Till |
| 7 |
> now I've only got xen-sources and selinux running together but no pax |
| 8 |
> and/or grsec. |
| 9 |
|
| 10 |
I knocked this patch up about a week ago. It applies against xen-sources |
| 11 |
2.6.16.29 kernel (although it'll probably work with 2.6.16.31 too). I've |
| 12 |
been using it for almost a week in both dom0 and domU and it appears to |
| 13 |
work well. The PaX/GRSec part is based on a non-release patch for a |
| 14 |
2.6.16.18 kernel that was in grsecurity.net/~spender a few months ago. |
| 15 |
|
| 16 |
Just apply the patch after emerging xen-sources. I was planning on |
| 17 |
making a special ebuild for it when the xen 3.0.3 ebuilds hit the tree. |
| 18 |
|
| 19 |
Let me know how it goes. |
| 20 |
|
| 21 |
Cheers, |
| 22 |
|
| 23 |
Brad |
Archives