Recommended kernel options for grsec + xen (as dom0)


Post by strav » Mon Mar 26, 2012 10:28 pm

Hi. I'm currently trying to harden a 3.2.13 kernel that would serve as dom0 for xen virtualisation. From what I've gathered in other posts, it seems that the sole option to be disabled in order to ensure that xen properly works as dom0 is KERNEXEC. In my .config however, the only option that's close to KERNEXEC is CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""; is there anything I should set here (or elsewhere)? Besides, when trying to launch xend, I'm getting an error stating that there's nothing to be found in /proc/xen ... can this be due to CONFIG_GRKERNSEC_PROC=Y?

A full list of recommended kernel options to ensure maximal security along with a working xen would be greatly appreciated if you happen to have something in this vein.

thanks!

Mathieu
strav
 
Posts: 1
Joined: Mon Mar 26, 2012 10:16 pm

Re: Recommended kernel options for grsec + xen (as dom0)

Post by PaX Team » Tue Mar 27, 2012 5:27 am

strav wrote: Hi. I'm currently trying to harden a 3.2.13 kernel that would serve as dom0 for xen virtualisation. From what I've gathered in other posts, it seems that the sole option to be disabled in order to ensure that xen properly works as dom0 is KERNEXEC.
UDEREF is another feature that won't work in Xen; both of these already depend on !XEN so you can't select them. For everything else, feel free to give them a try ;).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
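
An added example, not part of the original thread or of the grsecurity/PaX code: a shell check of a kernel .config for the combination discussed above. It assumes the PaX symbol names CONFIG_PAX_KERNEXEC and CONFIG_PAX_MEMORY_UDEREF and a constructed sample .config, and relies on the fact that a symbol whose dependencies are unmet is left out of .config entirely, while a selectable but disabled one is written as "# ... is not set".

```shell
#!/bin/sh
# config_state FILE SYMBOL prints one of:
#   =<value>  symbol is set (y, m, or a string/number value)
#   off       symbol is selectable but disabled ("# CONFIG_X is not set")
#   absent    symbol is not written at all (typically unmet dependencies)
config_state() {
    if grep -q "^CONFIG_$2=" "$1"; then
        sed -n "s/^CONFIG_$2=\(.*\)\$/=\1/p" "$1" | head -n 1
    elif grep -q "^# CONFIG_$2 is not set\$" "$1"; then
        echo off
    else
        echo absent
    fi
}

# audit_xen_pax FILE reports the Xen/PaX symbols from the thread.
# Returns 1 if a feature that depends on !XEN is set together with XEN=y.
audit_xen_pax() {
    file=$1 rc=0
    xen=$(config_state "$file" XEN)
    echo "XEN: $xen"
    for sym in PAX_KERNEXEC PAX_MEMORY_UDEREF; do   # assumed symbol names
        st=$(config_state "$file" "$sym")
        case "$xen:$st" in
            "=y:=y") echo "$sym: =y together with XEN=y (inconsistent config)"; rc=1 ;;
            "=y:"*)  echo "$sym: $st (not selectable while XEN=y)" ;;
            *)       echo "$sym: $st" ;;
        esac
    done
    echo "GRKERNSEC_PROC: $(config_state "$file" GRKERNSEC_PROC)"
    return $rc
}

# Constructed sample, not a real system's .config.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_DOM0=y
CONFIG_PAX_KERNEXEC_PLUGIN_METHOD=""
# CONFIG_PAX_MEMORY_SANITIZE is not set
CONFIG_GRKERNSEC_PROC=y
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_xen_pax "$tmp"
rm -f "$tmp"
```

On the sample, PAX_KERNEXEC comes back as absent even though CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" is present, matching what the original poster saw in their .config.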

