| 1 |
Hi Marcel, |
| 2 |
|
| 3 |
On Tue, 17 Jul 2007 15:44:30 +0200 |
| 4 |
Marcel Meyer <meyerm@××××××.de> wrote: |
| 5 |
> Does anybody here has experiences when it comes to 64bit and a |
| 6 |
> hardened gentoo system (no SELinux, just grsecurity and the default |
| 7 |
> stuff ;-) )? |
| 8 |
> |
| 9 |
> I would like to stay with "stable/amd64" and not "testing/~amd64". So |
| 10 |
> can I assume everything works as flawlessly as with "x86"? Or should |
| 11 |
> I be careful and stay with 32-bit "x86"? This would be my first amd64 |
| 12 |
> system so asking in advance seems to be the less nerve-wracking way |
| 13 |
> *g* |
| 14 |
|
| 15 |
I am running about about 20 machines here (including physical and virtual) with amd64/PaX/grsecurity/hardened/xen. All on amd64 (except for the odd package that I flipped to ~amd64 such as xen which isn't marked stable yet). |
| 16 |
|
| 17 |
> - XEN needs a lot of patching and is difficult to patch together with |
| 18 |
> grsecurity |
| 19 |
|
| 20 |
I have attached my ebuild and patches that I use to create my kernels (hardened-xen-sources). It uses xen 3.1.0 and grsecurity version 2.1.9, so make sure you install xen-tools-3.1.0 (look in bug.gentoo.org) and gradm-2.1.9. Btw, PATCH_URI points to an internal machine here just in case you were wondering. |
| 21 |
|
| 22 |
One more thing, this patch _only_ works with x86_64. |
| 23 |
|
| 24 |
Cheers, |
| 25 |
|
| 26 |
Brad |
Archives