grsecurity forums

[Silvr]

So I would like to run Virtualbox on a machine that is running grsec on a 2.6.29.2 kernel. Virtualbox requires a kernel module vboxdrv as they call it. I compiled a kernel with module loading left enabled so that I could boot into the kernel install Virtualbox with vboxdrv and then disable module loading with sysctl.

Virtualbox installed fine and was able to build vboxdrv, which it is not normally able to do when you have module loading disabled. When I go to start up a virtual machine, the entire computer hangs and I have to reboot. There is no error output from Virtualbox or in the logs.

Does anyone use Virtualbox with grsec?

[Grach]

Try to rebuild the kernel without KERNEXEC and UDEREF, and then rebuild vbox modules. It happened to work at least on x86 + vbox 1.6.x.

[tjh]

Yes, I have to build my kernel without KERNEXEC in order to get kvm running properly.

[PaX Team]

Yes, I have to build my kernel without KERNEXEC in order to get kvm running properly.

i thought i'd fixed up KERNEXEC/KVM a while ago and that combo should work. are you having a problem with the latest .29.x versions still? if so, i'd appreciate more details.

[tjh]

This was with the version that Spender had posted he'd mis-merged, so maybe that was the problem? 2.6.29.2-grsec, 2 versions back from ~spender.

Firing up the KVM's produced a bunch of OOPS then the machine hung solid.

I will happily try to reproduce for you, I just assumed that KVM+PaX wasn't supposed to be compatible.

Tim

[tjh]

@PaX Team: It seems that KVM and PAX with KERNEXEC enabled are now working really well.

I certainly had problems with it before, but all good now.

Thanks!

[Grach]

Yes, KVM works for me too. Thank you very much, PaX Team! Having opensource virtualization with KERNEXEC is great and reminds me the day I've discovered PaX and KERNEXEC in the Linux world... The job you're doing is awesome, very appreciated. Thank you!