grsecurity forums

Skip to content

Xen and 3.2.55

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Xen and 3.2.55

Postby gaima » Wed Feb 19, 2014 7:18 pm

Hi,

Commit 3d39f46966283b73145304c1fa69b2ee12d39077 is making it pretty tricky to enable Xen dom0 support.
There seems to be a circular issue with PARAVIRT_GUEST (or maybe PARAVIRT) being necessary to be a dom0.
I got quite lost in the dependencies. I did find two ways out to enable Xen though.

1) Add "|| GRKERNSEC_CONFIG_VIRT_XEN" to the "depends on" for menuconfig PARAVIRT_GUEST.
2) Enable CONFIG_X86_EXTENDED_PLATFORM and CONFIG_X86_VSMP.

Option 2 isn't very practical as I don't have EM64T hardware.



CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_CONFIG_AUTO=y
# CONFIG_GRKERNSEC_CONFIG_CUSTOM is not set
CONFIG_GRKERNSEC_CONFIG_SERVER=y
# CONFIG_GRKERNSEC_CONFIG_DESKTOP is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_NONE is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_GUEST is not set
CONFIG_GRKERNSEC_CONFIG_VIRT_HOST=y
CONFIG_GRKERNSEC_CONFIG_VIRT_EPT=y
# CONFIG_GRKERNSEC_CONFIG_VIRT_SOFT is not set
CONFIG_GRKERNSEC_CONFIG_VIRT_XEN=y
# CONFIG_GRKERNSEC_CONFIG_VIRT_VMWARE is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_KVM is not set
# CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX is not set
CONFIG_GRKERNSEC_CONFIG_PRIORITY_PERF=y
# CONFIG_GRKERNSEC_CONFIG_PRIORITY_SECURITY is not set
gaima
 
Posts: 27
Joined: Fri Feb 12, 2010 12:17 pm
Top

Re: Xen and 3.2.55

Postby spender » Wed Feb 19, 2014 9:44 pm

Thanks, this will be fixed in the next patches.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group