grsecurity forums

[dunker]

When using menuconfig to make automatic settings for grsec, one of the points to configure is for "Virtualization Hardware", having either of two answers, namely, 'first-gen/no hardware virtualization' or ' 'ept/rvi processor support'. If I am installing this Linux kernel's OS as a virtual machine under KVM, which itself requires hardware virtualization to operate, but the cpu of the VM is not going to have hardware virtualization as an emulated attribute (i.e., it will be rather an i686 without this charecteristic), it is not perfectly clear to me how this question should be answered under these conditions. In other words, if I do not intend to emulate a cpu capable of having hardware virtualization flags, should I assume the setting for the grsec security configuration question should not include hardware virtualization, even though I do in fact have hardware virtualization in effect in order to make use of KVM?

[spender]

It's from the perspective of the host's CPU. You should thus enable the EPT/RVI support option.

-Brad

[dunker]

gracias