arekm at maven.pl
Mon Nov 21 11:33:01 CET 2011
On Monday 21 of November 2011, Marek Guevara Braun wrote:
> W dniu 17 listopada 2011 19:34 użytkownik Arkadiusz Miśkiewicz
> <arekm at maven.pl> napisał:
> > I wonder if we have grsecurity users that use pld kernels?
> I use this feature.
Ok but what part? RBAC?
> > Asking because there was an idea of dropping grsec from default kernel
> > which can happen iif we have no users of this feature.
> SELinux a'la RHEL then or nothing at all ?
Well, right now some parts of grsec are used among people here, so these won't
The real problem is in 3.1.x kernels where there is some functional conflict
between grsecurity and vserver. That causes such oops:
Our 3.1.1+vserver works fine, 3.1.1+grsec works fine, 3.1.1+vserver+grsec
fails as shown above. There were some changes in dup_mm/copy_process area in
vserver between 3.0 and 3.1 but the real reason for oops is unknown at this
That's the only thing that prevents us from having 3.1 kernel in PLD.
> PS. Do we still need tuxonice and vservers?
tuxonice was dropped. vserver is used by many people here.
> Have someone got any
> experience with vserver -> linux containers/lxc porting of virtual
There is work needed to make lxc usable on pld. For example we don't have
template script for pld at this moment.
http://www.pld-linux.org/Docs/LXC also needs updates.
> Is lxc production ready on our kernels?
Well, LXC is in mainline, so our kernels equal linus kernels in this area.
> I've got issues with
> vservers on 3.0 kernels,
> so I'm considering moving them to lxc.
I also have long term plan to migrate all my guests to lxc (to be able to use
kernel that's not patched with invasive vserver patch).
> PS2. The question should have gone to the pld-uses-pl/en lists.
Look at first mail in this thread again.
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
More information about the pld-devel-en