:: Re: [DNG] Recent Security Update Di…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: aitor_czr
Date:  
À: Miroslav Rovis, dng
Sujet: Re: [DNG] Recent Security Update Discrepancy

Hi Miroslav,


On 11/11/2016 01:00 PM, Miroslav Rovis <miro.rovis@???> wrote:
> Thanks for replying.
>
> However, my attempts got bogged down at:
>
> virt-install playing poorly with grsecurity-hardened
> https://forums.grsecurity.net/viewtopic.php?f=3&t=4609
>
> (maybe some of grsecurity users among you Devuan can tell why such poor
> play of virt=install with a (heavily) grsecurity-hardened kernel?... The
> grsecurity-hardened Devuan is what I plan to try and achieve also with
> DEvuan once I finally install it... But read my apologies at the end of
> this email...)
>
> Notice there a link to Gentoo Bugzilla to see why I was trying to see if
> virt-install could do for me:
> =sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM
> guests
> https://bugs.gentoo.org/show_bug.cgi?id=597554
>
> It's likely a use-after-free condition, according to PaX Team:
> https://bugs.gentoo.org/show_bug.cgi?id=597554#c16
>
> More of my reply below.
>
> On 161110-11:05+1100, Andrew McGlashan wrote:
>> >Okay, doing a reply all to make sure that Miroslav gets this okay....
>> >
>> >On 10/11/16 00:31, Miroslav Rovis wrote:
>>> > >...
>>> > >I said would [be looking into this tutorial, if...].
>>> > >If this:
>>>> > >>Once the install was done, I dumped the xml, edited it, undefined the
>>>> > >>guest and then re-created it from the adjusted xml. The changes
>>>> > >>required (to the xml exported file) were to stop it booting the
>>>> > >>installer and to boot from the disk image instead.
>>> > >means what you install with virt-install on an LVM volume on your real
>>> > >hard drive can then be booted normally, regularly, leaving the Virtual
>>> > >Machine behind?
>> >
>> >What you have is a Guest machine contained in an LVM volume; the Host
>> >machine boots normally.
>> >
>> >If you wanted to boot the guest machine, then you may need to do more
>> >works for conversion. My host machine is with dropbear within initrd
>> >boot and full disk encryption. It boots fine with or with the LVM
>> >created instance. My purpose was to create a KVM host and then create
>> >guests (like this one) as needed.
>> >
>> >Thanks
>> >AndrewM
> Thank you!
>
> While I think the conversion to turn a Devuan guest is very likely much
> more complex than a regular install, none of it can I still attempt to
> do yet...
>
> This has cost me a lot of time, and I got nowhere.
>
> I did have a much nicer try with Devuan-based Refracta which I was so
> glad about:
>
> Devuan image in Qemu
> http://www.croatiafidelis.hr/foss/cap/cap-161015-qemu-devuan/#No5
>
> Thanks again, and;-) sorry I work so slow...!


Just so you know, grsecurity is included by default in the kernel 4.x of
ascii :)

Cheers,

Aitor.