GRSEC + KVM without modules

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

GRSEC + KVM without modules

Postby nicolas.a1 » Fri Sep 05, 2014 9:33 am

Hi all,

For several days, I trying to compile a kernel able to:
- Operate hypervisor side and allow KVM virtualization
- Run guest side (virtio, ...)
- Support fullvirtualization
- No dynamic modules
- And of course, with patches grsec
(+ LXC, but it works already)

Actually, my vm boot, but without hardware support, and without network (I can't enable interface).

I saw:
- Http://www.linux-kvm.org/page/Tuning_Kernel for options to enable
- viewtopic.php?f=3&t=3977&p=14124&hilit=kvm#p14124 for a problem with virtio similar to mine

I'm working on 3.2.62 with the patch https://grsecurity.net/stable/grsecurity 3.0-3.2.62-201408312002.patch

Currently, the hypervisor runs on 3.10.23 with grsec.

The kernel config: http://pastebin.ca/2838990
The config of the vm (libvirt): http://pastebin.ca/2838991

Does anyone have any idea what I'm doing wrong, or someone would have a documentation link on this?

Cheers
nicolas.a1
 
Posts: 1
Joined: Fri Sep 05, 2014 5:15 am

Return to grsecurity support

cron