Hi Marcel,

On Tue, 17 Jul 2007 15:44:30 +0200
Marcel Meyer <meyerm@××××××.de> wrote:
> Does anybody here have experience when it comes to 64bit and a
> hardened gentoo system (no SELinux, just grsecurity and the default
> stuff ;-) )?
>
> I would like to stay with "stable/amd64" and not "testing/~amd64". So
> can I assume everything works as flawlessly as with "x86"? Or should
> I be careful and stay with 32-bit "x86"? This would be my first amd64
> system so asking in advance seems to be the less nerve-wracking way
> *g*
|
I am running about 20 machines here (including physical and virtual) with amd64/PaX/grsecurity/hardened/xen. All on amd64 (except for the odd package that I flipped to ~amd64, such as xen, which isn't marked stable yet).
|
> - XEN needs a lot of patching and is difficult to patch together with
> grsecurity
|
I have attached my ebuild and patches that I use to create my kernels (hardened-xen-sources). It uses xen 3.1.0 and grsecurity version 2.1.9, so make sure you install xen-tools-3.1.0 (look in bug.gentoo.org) and gradm-2.1.9. Btw, PATCH_URI points to an internal machine here just in case you were wondering.
|
One more thing, this patch _only_ works with x86_64.
|
Cheers,

Brad