W dniu 2014-09-18 o 00:34, Anthony G. Basile pisze:
> On 09/17/14 08:04, Marcin Mirosław wrote:
>> W dniu 16.09.2014 o 14:34, "Tóth Attila" pisze:
>>> 2014.Szeptember 16.(K) 11:05 időpontban Marcin Mirosław ezt írta:
>>>> A few days ago I boot KVM host with hardened kernel. After some time I
>>>> noticed that usb passthrough from host to kvm guest doesn't work.
>>>> Simply
>>>> sayoing guest didn't seen any usb device. After switching kernel on
>>>> host
>>>> to gentoo-sources-{3.14.14,3.16.2} usb-passthrough works as I expect. I
>>>> didn't any related information in logs.
>>>> Does libvirt or grsec need special configuration to have such feature
>>>> working?
>>>
>>> I don't use KVM or libvirt, but I would suggest to check out your grsec
>>> logs for denials.
>>> Also there is a new capability introduced not so long ago:
>>> CAP_BLOCK_SUSPEND
>>> Some daemons and executables may complain - but in my case were
>>> functioning properly anyways. May be not related to your problem.
>>
>> Hi!
>> I don't use RBAC nor in kernel.log nor in dmesg nor in libvirt log I
>> didn't see any suspicious entries.
>> Regards,
>> Marcin
>>Hi all! > Was there an earlier version of hardened-sources which *did* work? I don't know. When some time ago I was using hardened-sources on host I didn't use usb passthrough in that time. Later I stopped to use hardened-sources (kernel was unstable in such enviroment but I didn't report it) and started to use gentoo-sources. Some time later I started to use usb passtrough. > Also, trust the menu options under grsecurity in Kconfig where it says > virtualization etc etc. Some options are too strict for a virt > environment. Having said that, though, if usb is the only thing not > working, I suspect that maybe its some misconfiguration in the > host/client Kconfigs for kvm not related to hardened. I used .config from gentoo-sources->make oldconfig->changed options in grsec menu. Meseems I didn't change anything in kvm related options in kernel. Marcin
