| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Hello everyone |
| 5 |
|
| 6 |
I am using hardened kernel with Xen patchset from |
| 7 |
http://ayuda.com.au/pub/xen/grsecurity/ on my box. |
| 8 |
When i have started this kernel, guests is not available through |
| 9 |
forwarded ports by ssh and 'forwarded' tomcat from one of guest boxes |
| 10 |
does not deliver start (or any other) page completely - seems that it |
| 11 |
hangs at 80-90 percent. Also one strange thing - when i`ll try to |
| 12 |
resolve any host from guest box i have timeout fail but i can ping NSes |
| 13 |
from guest and on host box with same NS all dns requests works. Iptables |
| 14 |
state restoring without any warnings in logs and its ruleset works fine |
| 15 |
with xen kernel from official portage tree. I am don`t test yes |
| 16 |
forwarding on hardened-only kernel with simular security options set for |
| 17 |
grsec and pax. I want to work with pax+grsec+xen kernel because host box |
| 18 |
config looks like VPS in datacenter - many xen instances with many users |
| 19 |
which do not know about security things. |
| 20 |
|
| 21 |
- -- |
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
WBR, Andrei Korolyov |
| 26 |
-----BEGIN PGP SIGNATURE----- |
| 27 |
Version: GnuPG v2.0.7 (GNU/Linux) |
| 28 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 29 |
|
| 30 |
iD8DBQFH9P7QgtwJKCS8W+ERAt1GAKD4hWbnh0WTsSHLSDgKkdkSslJUagCg2mi9 |
| 31 |
CXFwJJaOI5lAGocIS9GSNew= |
| 32 |
=lAwk |
| 33 |
-----END PGP SIGNATURE----- |
| 34 |
|
| 35 |
-- |
| 36 |
gentoo-hardened@l.g.o mailing list |
Archives