1 |
G'day Andreas, |
2 |
|
3 |
Andreas Philipp wrote: |
4 |
> My server is already running xen-3.0.2 with a 64bit system in dom0. Now |
5 |
> I'm planning to build a domU (modified guest to export the "external" |
6 |
> ethernet interface to it) for an externally facing apache server. Till |
7 |
> now I've only got xen-sources and selinux running together but no pax |
8 |
> and/or grsec. |
9 |
|
10 |
I knocked this patch up about a week ago. It applies against xen-sources |
11 |
2.6.16.29 kernel (although it'll probably work with 2.6.16.31 too). I've |
12 |
been using it for almost a week in both dom0 and domU and it appears to |
13 |
work well. The PaX/GRSec part is based on a non-release patch for a |
14 |
2.6.16.18 kernel that was in grsecurity.net/~spender a few months ago. |
15 |
|
16 |
Just apply the patch after emerging xen-sources. I was planning on |
17 |
making a special ebuild for it when the xen 3.0.3 ebuilds hit the tree. |
18 |
|
19 |
Let me know how it goes. |
20 |
|
21 |
Cheers, |
22 |
|
23 |
Brad |