GRSEC + KVM without modules
Posted: Fri Sep 05, 2014 9:33 am
Hi all,
For several days, I trying to compile a kernel able to:
- Operate hypervisor side and allow KVM virtualization
- Run guest side (virtio, ...)
- Support fullvirtualization
- No dynamic modules
- And of course, with patches grsec
(+ LXC, but it works already)
Actually, my vm boot, but without hardware support, and without network (I can't enable interface).
I saw:
- Http://www.linux-kvm.org/page/Tuning_Kernel for options to enable
- viewtopic.php?f=3&t=3977&p=14124&hilit=kvm#p14124 for a problem with virtio similar to mine
I'm working on 3.2.62 with the patch https://grsecurity.net/stable/grsecurity 3.0-3.2.62-201408312002.patch
Currently, the hypervisor runs on 3.10.23 with grsec.
The kernel config: http://pastebin.ca/2838990
The config of the vm (libvirt): http://pastebin.ca/2838991
Does anyone have any idea what I'm doing wrong, or someone would have a documentation link on this?
Cheers
For several days, I trying to compile a kernel able to:
- Operate hypervisor side and allow KVM virtualization
- Run guest side (virtio, ...)
- Support fullvirtualization
- No dynamic modules
- And of course, with patches grsec
(+ LXC, but it works already)
Actually, my vm boot, but without hardware support, and without network (I can't enable interface).
I saw:
- Http://www.linux-kvm.org/page/Tuning_Kernel for options to enable
- viewtopic.php?f=3&t=3977&p=14124&hilit=kvm#p14124 for a problem with virtio similar to mine
I'm working on 3.2.62 with the patch https://grsecurity.net/stable/grsecurity 3.0-3.2.62-201408312002.patch
Currently, the hypervisor runs on 3.10.23 with grsec.
The kernel config: http://pastebin.ca/2838990
The config of the vm (libvirt): http://pastebin.ca/2838991
Does anyone have any idea what I'm doing wrong, or someone would have a documentation link on this?
Cheers