[qubes-users] Grsecurity+Debian 10 has issues when PCI devices are being attached

Hi all,

I’ve been trying to get a Debian 10 sys-net running with grsecurity as a kernel. However, I’ve been running into some trouble when the PCI devices are being attached to it. libxenlight is giving me errors and the PVH VM will never even attempt to boot. If I use a Qubes kernel, I don’t run into these errors and the PCI devices get attached just fine.

I’ve attached 2 screenshots of the errors I’m facing. Currently, it might be best to focus on the errors after midnight and ignore the other lines in the screenshot.

Any pointers for what I could attempt to get this fixed?

I plan to write a bigger piece of documentation if I get these bugs ironed out and how I got the rest to compile/work.

Best,
Jurre

I've been trying to get a Debian 10 sys-net running with grsecurity as a
kernel. However, I've been running into some trouble when the PCI devices
are being attached to it. libxenlight is giving me errors and the PVH VM
will never even attempt to boot.

Just to check, are you trying to boot a PVH VM with PCI devices? That's
only supported on HVM (and PV). Try changing 'virt_mode' to 'hvm'.

I should’ve been a bit more clear, but yes, by PVH I meant virt_mode == hvm.

Hi Jurre,

How were you able to get a grsec kernel? I thought grsec is proprietary/paid-for only now. Would love to get my hands on it if possible.

Offtopic: I suggest you contact them to buy it, that’s what we did. Support your local and only noteworthy Linux kernel security project.

OK, I got a lot further with this. It was, surprisingly ;-))), PEBKAC.

Starting sys-net with HVM and the kernel as “none” worked in the sense that the VM boots and no PCI errors are thrown around.

What doesn’t work at the moment is that no connections seem to be possible through qrexec in HVM mode, and since there is no GUI connection possible, the VM shuts down.

In PVH mode, everything works very smoothly and without issues for VMs without needing PCI passthrough.

Will have a closer look…

Best,
Jurre

It is now possible for individuals to buy a license?

No idea.