The email tp which I reply is itself a reply to this email of mine:
https://lists.dyne.org/lurker/message/20161110.172443.c36c6124.en.html
so I'll fake the In-Reply-To header to get it to appear in this thread:
https://lists.dyne.org/lurker/thread/20161110.172443.c36c6124.en.html#20161110.172443.c36c6124
( I really like Lurker. It is superior to Python-mailer --or whatever
that it's called-- and other instant interactive web mail archivers... I
think Lurker is the best for this purpose, and I always like telling
people how good service Lurker does on Dyne org, i.e. Devuan
parent-hoster's web...
I currently deploy a Lurker, but it's a frozen copy of the offline one
on my Apache, e.g.:
http://www.croatiafidelis.hr/foss/cenz/iskon-tcom-mr/list/iskon-tcom-mr.en.html
and I will probably fake this thing correctly...
)
The aitor_czr's email to which I am replying shows at:
https://lists.dyne.org/lurker/message/20161111.193521.dbb2d913.en.html
with the subject of the thread:
Re: [DNG] Recent Security Update Discrepancy
but this one mine will (likely, but not sure...) not show as a reply
there; I will try to remedy for it though... Will see...
So... ;-)
Hi aitor_czr!
Pls. read my reply further below!
On 161111-20:35+0100, aitor_czr wrote:
>
> Hi Miroslav,
>
>
> On 11/11/2016 01:00 PM, Miroslav Rovis <miro.rovis@???> wrote:
> > Thanks for replying.
> >
> > However, my attempts got bogged down at:
> >
> > virt-install playing poorly with grsecurity-hardened
> > https://forums.grsecurity.net/viewtopic.php?f=3&t=4609
> >
> > (maybe some of grsecurity users among you Devuan can tell why such poor
> > play of virt=install with a (heavily) grsecurity-hardened kernel?... The
> > grsecurity-hardened Devuan is what I plan to try and achieve also with
> > DEvuan once I finally install it... But read my apologies at the end of
> > this email...)
> >
> > Notice there a link to Gentoo Bugzilla to see why I was trying to see if
> > virt-install could do for me:
> > =sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM
> > guests
> > https://bugs.gentoo.org/show_bug.cgi?id=597554
> >
> > It's likely a use-after-free condition, according to PaX Team:
> > https://bugs.gentoo.org/show_bug.cgi?id=597554#c16
> >
> > More of my reply below.
> >
> > On 161110-11:05+1100, Andrew McGlashan wrote:
> >> >Okay, doing a reply all to make sure that Miroslav gets this okay....
> >> >
> >> >On 10/11/16 00:31, Miroslav Rovis wrote:
> >>> > >...
> >>> > >I said would [be looking into this tutorial, if...].
> >>> > >If this:
> >>>> > >>Once the install was done, I dumped the xml, edited it, undefined the
> >>>> > >>guest and then re-created it from the adjusted xml. The changes
> >>>> > >>required (to the xml exported file) were to stop it booting the
> >>>> > >>installer and to boot from the disk image instead.
> >>> > >means what you install with virt-install on an LVM volume on your real
> >>> > >hard drive can then be booted normally, regularly, leaving the Virtual
> >>> > >Machine behind?
> >> >
> >> >What you have is a Guest machine contained in an LVM volume; the Host
> >> >machine boots normally.
> >> >
> >> >If you wanted to boot the guest machine, then you may need to do more
> >> >works for conversion. My host machine is with dropbear within initrd
> >> >boot and full disk encryption. It boots fine with or with the LVM
> >> >created instance. My purpose was to create a KVM host and then create
> >> >guests (like this one) as needed.
> >> >
> >> >Thanks
> >> >AndrewM
> > Thank you!
> >
> > While I think the conversion to turn a Devuan guest is very likely much
> > more complex than a regular install, none of it can I still attempt to
> > do yet...
> >
> > This has cost me a lot of time, and I got nowhere.
> >
> > I did have a much nicer try with Devuan-based Refracta which I was so
> > glad about:
> >
> > Devuan image in Qemu
> > http://www.croatiafidelis.hr/foss/cap/cap-161015-qemu-devuan/#No5
> >
> > Thanks again, and ;-) sorry I work so slow...!
>
> Just so you know, grsecurity is included by default in the kernel 4.x of
> ascii :)
>
> Cheers,
>
> Aitor.
>
>
>
That's such great news! Aaarghh! It only we somehow get spender and PaX
Team, the two geniuses that got the Schminus and the
not-always-up-to-their-expected-levels comrades ashamed quite a few
time...
It only we somehow get spender and PaX Team to go back to full non-paid
grsecurity patches completely free at least for testing kernel...
Currently the RAP (return address protection) is only a demo unless you
pay...
And you don't get a genius to fix the kernel just born so often, not
even in the world full of people... Those are two of a unique and very
rare breed...
But it was due... They kept fixing the kernel, and what had they had in
return? Ingratitude, no recognition and even flac!... Sad...
NSA Linux is the default, still in most distros when it comes to
hardened... Even in Gentoo... I pity the newbies. I pity the newbies...
Noone is telling them what they really get all packaged up nicely and
kindly... Oh I meant the SELinux... that's the name. NSA is just the
manufacturer.
But, like I already said, and I have to repeat it:
;-) sorry I work so slowly...!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr