grsecurity forums

Posted: **Tue Mar 01, 2011 10:36 am**

Hello everyone.

I have a system Gentoo Hardened
Linux kernel 2.6.37
gcc version 4.5.1 (Gentoo Hardened 4.5.1-r1 p1.4, pie-0.4.5)
The whole system works smoothly, without too much trouble except for VirtualBox.
I tried kernels 2.6.36 and 2.6.37, and all
VirtualBox versions - 3.2.* and 4.0 .*

Virtual Machine is started (example Android3, Ubuntu Natty, & others):

Code: Select all: VBoxManage startvm Droid3 Oracle VM VirtualBox Command Line Management Interface Version 3.2.12 (C) 2005-2010 Oracle Corporation All rights reserved. Waiting for the VM to power on... VM has been successfully started.

but in reality, VM is crashed:

Code: Select all: 2011-03-01T15:29:52.125435+01:00 localhost -bash: HISTORY: PID=10625 UID=1001 VBoxManage startvm Droid3 2011-03-01T15:29:52.194338+01:00 localhost kernel: [ 970.415378] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxManage[VBoxManage:10653] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/bash[bash:10625] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.196329+01:00 localhost kernel: [ 970.417251] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxManage[VBoxManage:10641] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/bash[bash:10625] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.209357+01:00 localhost kernel: [ 970.430254] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:10657] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:10655] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.209376+01:00 localhost kernel: [ 970.430575] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:10656] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:10655] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.229338+01:00 localhost kernel: [ 970.450255] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxSVC[VBoxSVC:10662] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:10641] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.242351+01:00 localhost kernel: [ 970.463265] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxSVC[VBoxSVC:10666] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 2011-03-01T15:29:52.242374+01:00 localhost kernel: [ 970.463737] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxSVC[VBoxSVC:10665] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 2011-03-01T15:29:52.424341+01:00 localhost kernel: [ 970.645266] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxTestOGL[VBoxTestOGL:10674] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:10669] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.583344+01:00 localhost kernel: [ 970.804265] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VirtualBox[VirtualBox:10679] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:10669] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:52.759333+01:00 localhost kernel: [ 970.980512] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VirtualBox[VirtualBox:10678] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:10669] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:53.061342+01:00 localhost kernel: [ 971.282322] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxNetDHCP[VBoxNetDHCP:10692] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:10683] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T15:29:53.084347+01:00 localhost kernel: [ 971.305424] device vboxnet0 entered promiscuous mode 2011-03-01T15:30:16.361326+01:00 localhost kernel: [ 994.582076] device vboxnet0 left promiscuous mode

Virtualbox error log:
http://pastebin.com/uhsFvJS7
http://pastebin.com/pdG8PYxn

My current config grsec / pax:
http://pastebin.com/U1kuxPUx
My whole kernel config - current:
http://pastebin.com/wYWF3RDH

My current kernel was created tuxonice-sources-2.6.37 - Gentoo overlay,
patch:
Autogroup: https://lkml.org/lkml/2010/11/30/121
Grsecurity: grsecurity-2.2.1-6.2.1937-201101172105.patch
Layer7, IMQ.

Therefore, the question is:
Do you run VirtualBox Virtual Machine requires some configuration changes,
or is it completely impossible?

Yours

My native language is Polish, sorry for bad English.

EDIT:
Sysctl config:

Code: Select all: sysctl -a | egrep 'grsec|pax' kernel.grsecurity.linking_restrictions = 1 kernel.grsecurity.fifo_restrictions = 1 kernel.grsecurity.execve_limiting = 1 kernel.grsecurity.ip_blackhole = 1 kernel.grsecurity.lastack_retries = 4 kernel.grsecurity.exec_logging = 0 kernel.grsecurity.signal_logging = 1 kernel.grsecurity.forkfail_logging = 1 kernel.grsecurity.timechange_logging = 1 kernel.grsecurity.chroot_deny_shmat = 1 kernel.grsecurity.chroot_deny_unix = 1 kernel.grsecurity.chroot_deny_mount = 1 kernel.grsecurity.chroot_deny_fchdir = 1 kernel.grsecurity.chroot_deny_chroot = 1 kernel.grsecurity.chroot_deny_pivot = 1 kernel.grsecurity.chroot_enforce_chdir = 1 kernel.grsecurity.chroot_deny_chmod = 1 kernel.grsecurity.chroot_deny_mknod = 1 kernel.grsecurity.chroot_restrict_nice = 1 kernel.grsecurity.chroot_execlog = 1 kernel.grsecurity.chroot_caps = 1 kernel.grsecurity.chroot_deny_sysctl = 1 kernel.grsecurity.tpe = 1 kernel.grsecurity.tpe_gid = 100 kernel.grsecurity.tpe_invert = 1 kernel.grsecurity.tpe_restrict_all = 0 kernel.grsecurity.socket_all = 1 kernel.grsecurity.socket_all_gid = 6100 kernel.grsecurity.socket_client = 1 kernel.grsecurity.socket_client_gid = 6200 kernel.grsecurity.socket_server = 1 kernel.grsecurity.socket_server_gid = 6300 kernel.grsecurity.audit_group = 1 kernel.grsecurity.audit_gid = 100 kernel.grsecurity.audit_chdir = 0 kernel.grsecurity.audit_mount = 0 kernel.grsecurity.dmesg = 1 kernel.grsecurity.chroot_findtask = 1 kernel.grsecurity.resource_logging = 1 kernel.grsecurity.audit_ptrace = 1 kernel.grsecurity.harden_ptrace = 1 kernel.grsecurity.grsec_lock = 0 kernel.grsecurity.romount_protect = 0 kernel.pax.softmode = 0

Posted: **Tue Mar 01, 2011 4:58 pm**

Several options are preventing virtualbox to work:

Code: Select all: grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxManage[VBoxManage:10653]

Use paxctl to change the settings so VBoxManager can work. I'd try "paxctl -cm /opt/VBoxManage" or better "paxctl -zm /opt/VBoxManage". Remember this is basically lowering your security level.
See for other options either the grsecurity wiki or the paxctl manpage.

Code: Select all: grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxManage[VBoxManage:10641]

Make sure you have the modules compiled for your current kernel. Load them before you start VirtualBox. Remember that you are loading 3rd party modules into your kernel with all consequences.

Posted: **Tue Mar 01, 2011 6:13 pm**

Thanks

My lsmod:

Code: Select all: Module Size Used by vboxnetflt 12297 0 vboxnetadp 5337 0 vboxdrv 127709 2 vboxnetflt,vboxnetadp dazukofs 25502 1 ebtable_nat 1354 0 ebtables 12838 1 ebtable_nat ipt_REDIRECT 917 1 ipt_set 992 0 ipt_SET 1112 0 ip_set 9780 2 ipt_set,ipt_SET xt_CHAOS 1628 0 xt_TARPIT 1624 2 xt_DELUDE 1376 2 xt_STEAL 812 3 xt_lscan 1900 1 xt_geoip 2176 0 xt_SYSRQ 2552 1 compat_xtables 1752 6 ipt_SET,xt_CHAOS,xt_TARPIT,xt_DELUDE,xt_STEAL,xt_SYSRQ nvidia 9227549 38 cx22702 3653 1 cx88_dvb 17492 0 videobuf_dvb 3654 1 cx88_dvb dvb_core 68821 2 cx88_dvb,videobuf_dvb tuner_simple 9569 3 tuner_types 7709 1 tuner_simple cx8802 9980 1 cx88_dvb tea5767 4640 0 cx8800 21443 1 cx88_alsa 6569 1 tda9887 7045 2 tda8290 8133 0 cx88xx 61404 4 cx88_dvb,cx8802,cx8800,cx88_alsa bttv 90556 0 tuner 14506 4 i2c_algo_bit 3609 2 cx88xx,bttv v4l2_common 5334 4 cx8800,cx88xx,tuner,bttv ir_common 3121 2 cx88xx,bttv videodev 49283 6 cx8800,cx88xx,tuner,bttv,v4l2_common ir_core 11744 3 cx88xx,bttv,ir_common v4l1_compat 11048 1 videodev videobuf_dma_sg 6701 6 cx88_dvb,cx8802,cx8800,cx88_alsa,cx88xx,bttv tveeprom 9701 2 cx88xx,bttv videobuf_core 11688 6 videobuf_dvb,cx8802,cx8800,cx88xx,bttv,videobuf_dma_sg btcx_risc 2451 5 cx8802,cx8800,cx88_alsa,cx88xx,bttv snd_bt87x 7387 0

Code: Select all: egrep -v '#|^$' /etc/conf.d/modules modules="${modules} nvidia dazukofs compat_xtables xt_SYSRQ xt_geoip xt_lscan xt_STEAL xt_DELUDE xt_TARPIT xt_CHAOS ipt_SET vboxdrv vboxnetflt vboxnetadp"

Code: Select all: paxctl -v VBoxNetAdpCtl VBoxSDL VBoxNetDHCP VBoxHeadless VBoxManage PaX control v0.5 Copyright 2004,2005,2006,2007 PaX Team <pageexec@freemail.hu> - PaX flags: ---s-m-x-e-r [VBoxNetAdpCtl] SEGMEXEC is disabled MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled RANDMMAP is disabled - PaX flags: ---s-m-x-e-r [VBoxSDL] SEGMEXEC is disabled MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled RANDMMAP is disabled - PaX flags: ---s-m-x-e-r [VBoxNetDHCP] SEGMEXEC is disabled MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled RANDMMAP is disabled - PaX flags: ---s-m-x-e-r [VBoxHeadless] SEGMEXEC is disabled MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled RANDMMAP is disabled - PaX flags: ---s-m-x-e-r [VBoxManage] SEGMEXEC is disabled MPROTECT is disabled RANDEXEC is disabled EMUTRAMP is disabled RANDMMAP is disabled

Virtualbox error log:

Code: Select all: 00:00:13.195 ********************* End of statistics ********************** 00:00:13.195 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3 00:00:13.195 VMSetError: Failed to reserve physical memory (0x2404 -> 0x2400; VMMDev Heap) 00:00:13.197 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3 00:00:13.197 VMSetError: Failed to reserve physical memory (0x2404 -> 0x2004; VMMDev) 00:00:13.217 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3 00:00:13.217 VMSetError: Failed to reserve physical memory (0x2404 -> 0x404; VRam) 00:00:13.220 NAT: zone(nm:mbuf, used:0) 00:00:13.220 NAT: zone(nm:mbuf_cluster, used:0) 00:00:13.220 NAT: zone(nm:mbuf_packet, used:0) 00:00:13.220 NAT: zone(nm:mbuf_jumbo_pagesize, used:0) 00:00:13.220 NAT: zone(nm:mbuf_jumbo_9k, used:0) 00:00:13.220 NAT: zone(nm:mbuf_jumbo_16k, used:0) 00:00:13.222 VMMR3Term: R0 term failed, rc=VERR_INTERNAL_ERROR_3 (-227) - Internal error no. 3.. (warning) 00:00:13.227 Changing the VM state from 'DESTROYING' to 'TERMINATED'.

in /var/log/messages:

Code: Select all: 2011-03-01T23:26:11.184435+01:00 localhost -bash: HISTORY: PID=32583 UID=1001 VBoxManage startvm Droid3 2011-03-01T23:26:11.233338+01:00 localhost kernel: [29549.454809] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxManage[VBoxManage:32619] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/bash[bash:32583] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.234340+01:00 localhost kernel: [29549.455337] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxManage[VBoxManage:32607] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/bash[bash:32583] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.247360+01:00 localhost kernel: [29549.468508] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:32623] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:32621] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.247385+01:00 localhost kernel: [29549.468832] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:32622] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:32621] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.268338+01:00 localhost kernel: [29549.489064] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxSVC[VBoxSVC:32628] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:32607] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.280333+01:00 localhost kernel: [29549.501711] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxSVC[VBoxSVC:32632] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 2011-03-01T23:26:11.281333+01:00 localhost kernel: [29549.502415] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxSVC[VBoxSVC:32631] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 2011-03-01T23:26:11.463335+01:00 localhost kernel: [29549.684952] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxTestOGL[VBoxTestOGL:32640] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32635] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.627341+01:00 localhost kernel: [29549.848126] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VirtualBox[VirtualBox:32645] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32635] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:11.807337+01:00 localhost kernel: [29550.028231] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VirtualBox[VirtualBox:32644] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32635] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:12.137335+01:00 localhost kernel: [29550.358902] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxNetDHCP[VBoxNetDHCP:32658] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32650] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:12.160327+01:00 localhost kernel: [29550.381513] device vboxnet0 entered promiscuous mode 2011-03-01T23:26:39.910320+01:00 localhost kernel: [29578.131049] device vboxnet0 left promiscuous mode 2011-03-01T23:26:55.376342+01:00 localhost kernel: [29593.597885] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxManage[VBoxManage:32748] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/bash[bash:32583] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.377391+01:00 localhost kernel: [29593.598535] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxManage[VBoxManage:32736] uid/euid:1001/1001 gid/egid:1001/1001, parent /bin/bash[bash:32583] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.390338+01:00 localhost kernel: [29593.611944] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:32752] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:32750] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.391342+01:00 localhost kernel: [29593.612391] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxXPCOMIPCD[VBoxXPCOMIPCD:32751] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:32750] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.411336+01:00 localhost kernel: [29593.632066] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxSVC[VBoxSVC:32757] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxManage[VBoxManage:32736] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.424356+01:00 localhost kernel: [29593.645405] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxSVC[VBoxSVC:32761] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 2011-03-01T23:26:55.424375+01:00 localhost kernel: [29593.645885] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VBoxSVC[VBoxSVC:32760] uid/euid:1001/1001 gid/egid:1001/1001, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 2011-03-01T23:26:55.607337+01:00 localhost kernel: [29593.828574] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxTestOGL[VBoxTestOGL:501] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32764] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.751342+01:00 localhost kernel: [29593.972536] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VirtualBox[VirtualBox:506] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32764] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:55.929343+01:00 localhost kernel: [29594.150847] grsec: denied kernel module auto-load of net-pf-10 by /opt/VirtualBox/VirtualBox[VirtualBox:505] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:32764] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:56.252339+01:00 localhost kernel: [29594.473693] grsec: denied resource overstep by requesting 31 for RLIMIT_NICE against limit 30 for /opt/VirtualBox/VBoxNetDHCP[VBoxNetDHCP:519] uid/euid:1001/1001 gid/egid:1001/1001, parent /opt/VirtualBox/VBoxSVC[VBoxSVC:511] uid/euid:1001/1001 gid/egid:1001/1001 2011-03-01T23:26:56.274326+01:00 localhost kernel: [29594.495452] device vboxnet0 entered promiscuous mode 2011-03-01T23:27:12.036321+01:00 localhost kernel: [29610.257056] device vboxnet0 left promiscuous mode

Module net-pf-10 ?
I have not found such a module:

Code: Select all: grep -i pf /usr/src/linux/.config CONFIG_IP_NF_ARPFILTER=y CONFIG_ATM_BR2684_IPFILTER=y CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y # CONFIG_SCSI_LPFC is not set CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y # CONFIG_HPFS_FS is not set

What other settings to change?

Yours

Posted: **Wed Mar 02, 2011 2:34 pm**

jacekalex wrote:Virtualbox error log:
[code]00:00:13.195 ********************* End of statistics **********************
00:00:13.195 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3
00:00:13.195 VMSetError: Failed to reserve physical memory (0x2404 -> 0x2400; VMMDev Heap)
00:00:13.197 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3
00:00:13.197 VMSetError: Failed to reserve physical memory (0x2404 -> 0x2004; VMMDev)
00:00:13.217 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3
00:00:13.217 VMSetError: Failed to reserve physical memory (0x2404 -> 0x404; VRam)

i'd start with these and try to figure out what vbox was trying to do here exactly and why such requests were denied. probably the best is to talk to the vbox devs first, if you/they can tell me what's happening here, i can tell whether it's a bug or feature in PaX

.

Posted: **Wed Mar 02, 2011 7:14 pm**

I have this working on my system and I've been working to get the stuff into Gentoo's tree. Here's a quick howto:

1. Use on of the recent kernels, it has my restructured predefined hardened settings. Use VIRTUALIZATION:

Security options --->
Grsecurity --->
[*] Grsecurity
Security Level (Hardened Gentoo [virtualization]) --->

It basically turns off KERNEXEC and UDEREF along with a few others. Compile boot.

2. Switch to the vanilla compiler. This is because VirtualBox's build system is stupid, doesn't respect CFLAGS and upstream is not helping. (And I have better things to do with my life):

gcc-config x86_64-pc-linux-gnu-4.4.5-vanilla
source /etc/profile

Now emerge virtualbox-4.0.4.

Switch back to the regular hardened compiler, and emerge virtualbox-extpack-oracle-4.0.4, virtualbox-modules-4.0.4, virtualbox-additions-4.0.4.

3. Start VirtualBox. In bash do:

for m in vbox{drv,netadp,netflt}; do modprobe $m; done
VirtualBox &

4. Install your virtual machine in the usual way.

5. If its a gentoo guest, it helps to follow this howto: http://en.gentoo-wiki.com/wiki/Virtualbox_Guest

Posted: **Mon Aug 15, 2011 11:39 pm**

PaX Team wrote:
jacekalex wrote:Virtualbox error log:
Code: Select all
00:00:13.195 ********************* End of statistics ********************** 00:00:13.195 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3 00:00:13.195 VMSetError: Failed to reserve physical memory (0x2404 -> 0x2400; VMMDev Heap) 00:00:13.197 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3 00:00:13.197 VMSetError: Failed to reserve physical memory (0x2404 -> 0x2004; VMMDev) 00:00:13.217 VMSetError: /home/vbox/tinderbox/3.2-lnx32-rel/src/VBox/VMM/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3 00:00:13.217 VMSetError: Failed to reserve physical memory (0x2404 -> 0x404; VRam)

i'd start with these and try to figure out what vbox was trying to do here exactly and why such requests were denied. probably the best is to talk to the vbox devs first, if you/they can tell me what's happening here, i can tell whether it's a bug or feature in PaX .

I get these too with 4.1.0 and 2.6.39, with uderef and kernexec disabled. Don't know what's going on

Did this ever got figured out?
Is anyone else able to get virtualbox working? Is uderef and kernexec really necessary to be disabled?

00:00:10.322 VMSetError: /home/vbox/vbox-4.1.0/src/VBox/VMM/VMMR3/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3
00:00:10.322 VMSetError: Failed to reserve physical memory (0x1004 -> 0x1000; VMMDev Heap)
00:00:10.324 VMSetError: /home/vbox/vbox-4.1.0/src/VBox/VMM/VMMR3/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3
00:00:10.324 VMSetError: Failed to reserve physical memory (0x1004 -> 0xc04; VMMDev)
00:00:10.326 VMSetError: /home/vbox/vbox-4.1.0/src/VBox/VMM/VMMR3/MM.cpp(684) int MMR3AdjustFixedReservation(VM*, int32_t, const char*); rc=VERR_INTERNAL_ERROR_3
00:00:10.326 VMSetError: Failed to reserve physical memory (0x1004 -> 0x404; VRam)

This is the source

Code: Select all: /** * Interface for PGM to adjust the reservation of fixed pages. * * This can be called before MMR3InitPaging. * * @returns VBox status code. Will set VM error on failure. * @param pVM The shared VM structure. * @param cDeltaFixedPages The number of pages to add (positive) or subtract (negative). * @param pszDesc Some description associated with the reservation. */ VMMR3DECL(int) MMR3AdjustFixedReservation(PVM pVM, int32_t cDeltaFixedPages, const char *pszDesc) { const uint32_t cOld = pVM->mm.s.cFixedPages; pVM->mm.s.cFixedPages += cDeltaFixedPages; LogFlow(("MMR3AdjustFixedReservation: %d (%u -> %u)\n", cDeltaFixedPages, cOld, pVM->mm.s.cFixedPages)); int rc = mmR3UpdateReservation(pVM); if (RT_FAILURE(rc)) { VMSetError(pVM, rc, RT_SRC_POS, N_("Failed to reserve physical memory (%#x -> %#x; %s)"), cOld, pVM->mm.s.cFixedPages, pszDesc); pVM->mm.s.cFixedPages = cOld; } return rc; }

Posted: **Tue Aug 16, 2011 7:39 am**

nickde wrote:I get these too with 4.1.0 and 2.6.39, with uderef and kernexec disabled. Don't know what's going on Did this ever got figured out?

not to my knowledge.

Is uderef and kernexec really necessary to be disabled?

yes, vbox does things that are simply not compatible with these features and only they can fix them properly (which is unlikely to happen given the amount of work required, at least for KERNEXEC/i386).

Posted: **Tue Aug 16, 2011 7:43 pm**

PaX Team wrote:
nickde wrote:I get these too with 4.1.0 and 2.6.39, with uderef and kernexec disabled. Don't know what's going on Did this ever got figured out?
not to my knowledge.
Is uderef and kernexec really necessary to be disabled?
yes, vbox does things that are simply not compatible with these features and only they can fix them properly (which is unlikely to happen given the amount of work required, at least for KERNEXEC/i386).

So I've spend the best part of the day compiling my kernel with different pax options, trying to figure out virtualbox compatibility. I'm using virtualbox 4.1.0, 2.6.39-4 and a 64bit system (core i5)
The results:

With everything disabled and KERNEXEC enabled, virtualbox works fine if VT-x is disabled. With both VT-x and KERNEXEC enabled, there is an Oops
Aug 17 01:54:31 mylaptop kernel: [ 147.059543] BUG: unable to handle kernel paging request at ffffffff81733044
Aug 17 01:54:31 mylaptop kernel: [ 147.059592] IP: [<ffffffffa04ce247>] g_abExecMemory+0xb247/0x180000 [vboxdrv]
Aug 17 01:54:31 mylaptop kernel: [ 147.059660] PGD 1729067 PUD 172f063 PMD 16001e1
Aug 17 01:54:31 mylaptop kernel: [ 147.059691] Thread overran stack, or stack corrupted
Aug 17 01:54:31 mylaptop kernel: [ 147.059715] Oops: 0003 [#1] SMP
Aug 17 01:54:31 mylaptop kernel: [ 147.059737] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
Aug 17 01:54:31 mylaptop kernel: [ 147.059785] CPU 3
Aug 17 01:54:31 mylaptop kernel: [ 147.059806] Modules linked in: rfcomm binfmt_misc bnep pci_stub vboxpci vboxnetadp vboxnetflt vboxdrv parport_pc ppdev snd_hda_codec_hdmi snd_hda_codec_conexant ipt_REJECT ipt_LOG xt_limit xt_tcpudp xt_addrtype xt_state snd_hda_intel thinkpad_acpi arc4 snd_hda_codec snd_hwdep snd_seq_midi ip6table_filter ip6_tables snd_pcm snd_rawmidi nf_nat_irc nf_conntrack_irc nf_nat_ftp snd_seq_midi_event iwlagn nf_nat snd_seq mac80211 i915 nf_conntrack_ipv4 snd_timer nf_defrag_ipv4 snd_seq_device snd nf_conntrack_ftp cfg80211 drm_kms_helper soundcore nf_conntrack drm snd_page_alloc iptable_filter coretemp i2c_algo_bit ip_tables btusb lp nvram parport bluetooth psmouse video wmi serio_raw joydev x_tables usbhid hid ahci libahci xhci_hcd sdhci_pci sdhci e1000e
Aug 17 01:54:31 mylaptop kernel: [ 147.060675]
Aug 17 01:54:31 mylaptop kernel: [ 147.060685] Pid: 2299, comm: VirtualBox Not tainted 2.6.39.4-test8-grsec #5 LENOVO 4171CTO/4171CTO
Aug 17 01:54:31 mylaptop kernel: [ 147.060762] RIP: 0010:[<ffffffffa04ce247>] [<ffffffffa04ce247>] g_abExecMemory+0xb247/0x180000 [vboxdrv]
Aug 17 01:54:31 mylaptop kernel: [ 147.060917] RSP: 0018:ffff8801e08fbba0 EFLAGS: 00010082
Aug 17 01:54:31 mylaptop kernel: [ 147.061008] RAX: ffffffff81733040 RBX: 0000000000000040 RCX: 0000000000000000
Aug 17 01:54:31 mylaptop kernel: [ 147.061040] RDX: 0000000000000600 RSI: 0000000000000000 RDI: ffffc90005e38900
Aug 17 01:54:31 mylaptop kernel: [ 147.061069] RBP: 0000000000000000 R08: ffffc90005e38000 R09: 0000002248302984
Aug 17 01:54:31 mylaptop kernel: [ 147.061158] R10: ffffffffa04ce1e0 R11: 00000000017f18ad R12: ffffc90005e38900
Aug 17 01:54:31 mylaptop kernel: [ 147.061241] R13: ffffc90005e1d000 R14: ffff8801e08fbd68 R15: 0000000000000001
Aug 17 01:54:31 mylaptop kernel: [ 147.061321] FS: 000003296c412700(0000) GS:ffff88021e2c0000(0000) knlGS:0000000000000000
Aug 17 01:54:31 mylaptop kernel: [ 147.061413] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Aug 17 01:54:31 mylaptop kernel: [ 147.061478] CR2: ffffffff81733044 CR3: 0000000001629000 CR4: 00000000000426f0
Aug 17 01:54:31 mylaptop kernel: [ 147.061556] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Aug 17 01:54:31 mylaptop kernel: [ 147.061660] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Aug 17 01:54:31 mylaptop kernel: [ 147.061741] Process VirtualBox (pid: 2299, threadinfo ffff88020f910d68, task ffff88020f910860)
Aug 17 01:54:31 mylaptop kernel: [ 147.061833] Stack:
Aug 17 01:54:31 mylaptop kernel: [ 147.061859] ffff81733000007f 000000000000ffff 0000000000000000 ffffc90005e38900
Aug 17 01:54:31 mylaptop kernel: [ 147.061963] ffffc90005e38fe8 0000000000000000 000000001e2c0000 00000000ffff8802
Aug 17 01:54:31 mylaptop kernel: [ 147.062063] 0000000000000000 000000006c412700 0000000000000329 0000000000000000
Aug 17 01:54:31 mylaptop kernel: [ 147.062195] Call Trace:
Aug 17 01:54:31 mylaptop kernel: [ 147.062267] [<ffffffffa064f02a>] ? supdrvIOCtlFast+0xaa/0xb0 [vboxdrv]
Aug 17 01:54:31 mylaptop kernel: [ 147.062301] [<ffffffffa064b39d>] ? VBoxDrvLinuxIOCtl+0x4d/0x460 [vboxdrv]
Aug 17 01:54:31 mylaptop kernel: [ 147.062329] [<ffffffff8117e09c>] ? do_vfs_ioctl+0xac/0x790
Aug 17 01:54:31 mylaptop kernel: [ 147.062415] [<ffffffff8117e811>] ? sys_ioctl+0x91/0xa0
Aug 17 01:54:31 mylaptop kernel: [ 147.062481] [<ffffffff81604f14>] ? system_call_fastpath+0x16/0x1b
Aug 17 01:54:31 mylaptop kernel: [ 147.062551] Code: 00 00 36 89 b7 08 02 00 00 36 89 af 10 02 00 00 58 36 89 87 00 02 00 00 5b 48 83 ec 10 0f 01 04 24 48 89 d8 24 f8 48 03 44 24 02
Aug 17 01:54:31 mylaptop kernel: [ 147.067099] RIP [<ffffffffa04ce247>] g_abExecMemory+0xb247/0x180000 [vboxdrv]
Aug 17 01:54:31 mylaptop kernel: [ 147.071185] RSP <ffff8801e08fbba0>
Aug 17 01:54:31 mylaptop kernel: [ 147.075248] CR2: ffffffff81733044
Aug 17 01:54:31 mylaptop kernel: [ 147.152774] ---[ end trace 9780bbde545a77d7 ]---
With everything disabled and UDEREF enabled, it oopses.
Aug 17 00:41:27 mylaptop kernel: [ 117.814892] BUG: unable to handle kernel paging request at 000003f11d3a4798
Aug 17 00:41:27 mylaptop kernel: [ 117.815021] IP: [<ffffffffa0554a57>] g_abExecMemory+0x49a57/0x180000 [vboxdrv]
Aug 17 00:41:27 mylaptop kernel: [ 117.815143] PGD 1f5c61000
Aug 17 00:41:27 mylaptop kernel: [ 117.815181] Thread overran stack, or stack corrupted
Aug 17 00:41:27 mylaptop kernel: [ 117.815239] Oops: 0000 [#1] SMP
Aug 17 00:41:27 mylaptop kernel: [ 117.815290] last sysfs file: /sys/devices/virtual/hwmon/hwmon0/temp1_input
Aug 17 00:41:27 mylaptop kernel: [ 117.815399] CPU 1
Aug 17 00:41:27 mylaptop kernel: [ 117.815426] Modules linked in: aesni_intel cryptd aes_x86_64 aes_generic rfcomm binfmt_misc bnep pci_stub vboxpci vboxnetadp vboxnetflt vboxdrv parport_pc ppdev snd_hda_codec_hdmi snd_hda_codec_conexant ipt_REJECT ipt_LOG xt_limit xt_tcpudp xt_addrtype xt_state snd_hda_intel ip6table_filter i915 snd_hda_codec drm_kms_helper drm ip6_tables thinkpad_acpi nf_nat_irc snd_hwdep nf_conntrack_irc snd_seq_midi snd_pcm nf_nat_ftp arc4 snd_rawmidi snd_seq_midi_event nf_nat snd_seq nf_conntrack_ipv4 iwlagn nf_defrag_ipv4 snd_timer mac80211 snd_seq_device coretemp nf_conntrack_ftp nf_conntrack btusb lp snd i2c_algo_bit iptable_filter bluetooth parport cfg80211 ip_tables psmouse wmi nvram video soundcore joydev serio_raw x_tables snd_page_alloc usbhid hid ahci libahci e1000e sdhci_pci sdhci xhci_hcd
Aug 17 00:41:27 mylaptop kernel: [ 117.816531]
Aug 17 00:41:27 mylaptop kernel: [ 117.816555] Pid: 2311, comm: VirtualBox Not tainted 2.6.39.4-test10-grsec #7 LENOVO 4171CTO/4171CTO
Aug 17 00:41:27 mylaptop kernel: [ 117.816669] RIP: 0010:[<ffffffffa0554a57>] [<ffffffffa0554a57>] g_abExecMemory+0x49a57/0x180000 [vboxdrv]
Aug 17 00:41:27 mylaptop kernel: [ 117.816792] RSP: 0018:ffff8801e3ce3cd8 EFLAGS: 00010246
Aug 17 00:41:27 mylaptop kernel: [ 117.816853] RAX: 0000000000000001 RBX: ffffc90005f20000 RCX: ffffffffffffffff
Aug 17 00:41:27 mylaptop kernel: [ 117.816932] RDX: 0000000000000001 RSI: ffffc90005f3b000 RDI: 000003f11d3a4790
Aug 17 00:41:27 mylaptop kernel: [ 117.817017] RBP: ffff8801e3ce3d18 R08: 39e0000000000000 R09: 000003f11d3a4810
Aug 17 00:41:27 mylaptop kernel: [ 117.817097] R10: 000003f11d3c7d00 R11: 0000000000000246 R12: 0000000000000000
Aug 17 00:41:27 mylaptop kernel: [ 117.817175] R13: ffffc90005f28860 R14: ffff8801e3ce3d48 R15: ffffc90005f20000
Aug 17 00:41:27 mylaptop kernel: [ 117.817256] FS: 000003f11ddcd700(0000) GS:ffff88021e240000(0000) knlGS:0000000000000000
Aug 17 00:41:27 mylaptop kernel: [ 117.817345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Aug 17 00:41:27 mylaptop kernel: [ 117.817410] CR2: 000003f11d3a4798 CR3: 0000000001633000 CR4: 00000000000426f0
Aug 17 00:41:27 mylaptop kernel: [ 117.817488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Aug 17 00:41:27 mylaptop kernel: [ 117.817567] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Aug 17 00:41:27 mylaptop kernel: [ 117.817647] Process VirtualBox (pid: 2311, threadinfo ffff8801fa0d7a48, task ffff8801fa0d7540)
Aug 17 00:41:27 mylaptop kernel: [ 117.817740] Stack:
Aug 17 00:41:27 mylaptop kernel: [ 117.817766] ffffffffffff4111 ffffc90005f3b000 ffffffffffff4111 00000000ffff4111
Aug 17 00:41:27 mylaptop kernel: [ 117.817865] ffffffffffff4111 ffffc90005f20000 0000000000000000 ffffc90005f3b000
Aug 17 00:41:27 mylaptop kernel: [ 117.817967] ffff8801e3ce3d88 ffffffffa052179f ffffffffffff4111 ffffffffffff4111
Aug 17 00:41:27 mylaptop kernel: [ 117.818065] Call Trace:
Aug 17 00:41:27 mylaptop kernel: [ 117.818120] [<ffffffffa06970ea>] ? supdrvIOCtlFast+0xaa/0xb0 [vboxdrv]
Aug 17 00:41:27 mylaptop kernel: [ 117.818210] [<ffffffffa06933b3>] ? VBoxDrvLinuxIOCtl+0x53/0x510 [vboxdrv]
Aug 17 00:41:27 mylaptop kernel: [ 117.818295] [<ffffffff8118488b>] ? do_vfs_ioctl+0xab/0x870
Aug 17 00:41:27 mylaptop kernel: [ 117.818362] [<ffffffff811850e1>] ? sys_ioctl+0x91/0xa0
Aug 17 00:41:27 mylaptop kernel: [ 117.818428] [<ffffffff8161fa89>] ? system_call_fastpath+0x16/0x1b
Aug 17 00:41:27 mylaptop kernel: [ 117.818503] [<ffffffff8161fa27>] ? system_call_after_swapgs+0x17/0x63
Aug 17 00:41:27 mylaptop kernel: [ 117.818575] Code: 75 c8 0f 88 ae fe ff ff 31 c0 86 83 fc 87 00 00 48 8b bb 28 88 00 00 45 31 e4 49 b8 00 00 00 00 00 00 e0 39 4c 8d 8f 80 00 00 00 <8b> 47 08 85 c0 74 2b 48 98 48 01 f8 74 24 8b 50 44 44 39 e2 76
Aug 17 00:41:27 mylaptop kernel: [ 117.819085] RIP [<ffffffffa0554a57>] g_abExecMemory+0x49a57/0x180000 [vboxdrv]
Aug 17 00:41:27 mylaptop kernel: [ 117.819182] RSP <ffff8801e3ce3cd8>
Aug 17 00:41:27 mylaptop kernel: [ 117.819223] CR2: 000003f11d3a4798
Aug 17 00:41:27 mylaptop kernel: [ 117.885512] ---[ end trace 0ff232153321d5ab ]---
But with the weird thing is next: With everything disabled and any single one of the ASLR options enabled, virtualbox competely freezes my system - not an oops, it doesn't show anything, just everything is stuck until a hard reboot.
And of course the binaries don't work with MPROTECT, but they can be marked with paxctl at least.

There should be a big fat warning somewhere that virtualbox is incompatible with most things in pax..

Posted: **Wed Aug 17, 2011 7:05 am**

nickde wrote:Aug 17 01:54:31 mylaptop kernel: [ 147.059543] BUG: unable to handle kernel paging request at ffffffff81733044
Aug 17 01:54:31 mylaptop kernel: [ 147.059592] IP: [<ffffffffa04ce247>] g_abExecMemory+0xb247/0x180000 [vboxdrv]

this is some runtime loaded vbox code (note the issue here: vbox doesn't use the kernel's own module loader system, hence the lack of proper symbols) that tries to modify read-only memory (probably the GDT or some kernel page table).

Aug 17 00:41:27 mylaptop kernel: [ 117.814892] BUG: unable to handle kernel paging request at 000003f11d3a4798
Aug 17 00:41:27 mylaptop kernel: [ 117.815021] IP: [<ffffffffa0554a57>] g_abExecMemory+0x49a57/0x180000 [vboxdrv]

similarly, this is some of its own module code that tries to access userland memory without going through the proper kernel wrappers - this is a prime suspect of being a potential security bug even and what UDEREF was designed to catch.

But with the weird thing is next: With everything disabled and any single one of the ASLR options enabled, virtualbox competely freezes my system - not an oops, it doesn't show anything, just everything is stuck until a hard reboot.

this is something you could report to oracle/vbox guys as ASLR is a userland feature, it should not cause kernel failures.

There should be a big fat warning somewhere that virtualbox is incompatible with most things in pax..

the config help for both UDEREF and KERNEXEC mentions problems with virtualization but it's really not the place to call out every single app that may not work properly. but we have a wiki, open to the public to contribute to

.

grsecurity forums

Virtualbox & kernel 2.6.37-grsec - is possible?

Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?

Re: Virtualbox & kernel 2.6.37-grsec - is possible?