From: Alex Klymov (al3x__at_gmx.net)
Date: Thu 04 Dec 2003 - 17:24:18 GMT
Thursday, December 4, 2003, 11:41:57 AM, you wrote:
MP> Hi vServer-Admins,
MP> Trying to use vserver with other pax, grsecurity or the openwall patches does not work.
MP> But security demands are rising.
MP> So, does anyone know any kernel enhancements that work with vserver?
MP> Features I am searching for are:
MP> - Randomized Features (TCP ISN, PIDs, IP IDs, TCP source ports)
MP> - Protection against Stack-attacks
MP> - Confusing OS-fingerprints
MP> - Auditing Features (like in grsecurity)
MP> - Restrictions for /tmp
MP> - And every other stuff that enhances security!
MP> Thank you a lot for your help!
I was able to "marry" vserver with grsecurity 2.0rc3. My first priority was
network security increasing - I didn't try PaX and process protection but I
don't see the reason why it won't be working. from the sources perspective it should not conflict with vserver
functionality as long as you are not using ACLs feature (which uses system
capabilities vserver is dependant on).
Can somebody confirm/correct me if I'm wrong?
-- Alex mailto:al3x__at_gmx.net 12:15:01 PM Thursday, December 4, 2003 EDT
_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver