Hello.
Vadim Korschok wrote:
> You don't need any X or SDL.
> If you have KVM installed make:
>
> 1. emerge -C kvm
> 2. USE="-sdl" emerge kvm
>
> that should solve the problem.
Oh, thank you.
> After that:
>
> 1. kvm-img create -f qcow2 image.img 20G
> 2. kvm -hda /absolute/path/to/image.img -boot d -cdrom
> /absolute/path/to/gentoo-livecd.iso -m 512 -net nic,vlan=0,model=e1000 -net
> tap,vlan=0 -vnc :0
>
> Then you can connect over VNC to the livecd over Port 5900.
>
OK. I succeeded to connect over VNC to the livecd over Port 5900.
However, I couldn't reproduce your problem, though something network related
configuration seems to be wrong in my environment.
Below are my configs.
sakura ~ # grep PAX /usr/src/linux-2.6.27-ccs-hardened-r7/.config
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_KERNEXEC=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_REFCOUNT=y
sakura ~ # grep GRSECURITY /usr/src/linux-2.6.27-ccs-hardened-r7/.config
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
# CONFIG_GRKERNSEC_HARDENED_SERVER is not set
CONFIG_GRKERNSEC_HARDENED_WORKSTATION=y
# CONFIG_GRKERNSEC_CUSTOM is not set
CONFIG_GRKERNSEC_KMEM=y
# CONFIG_GRKERNSEC_IO is not set
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODSTOP=y
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
# CONFIG_GRKERNSEC_AUDIT_IPC is not set
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_TPE is not set
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_SOCKET is not set
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
sakura ~ # grep TOMOYO /usr/src/linux-2.6.27-ccs-hardened-r7/.config
CONFIG_TOMOYO=y
CONFIG_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_TOMOYO_MAX_GRANT_LOG=1024
CONFIG_TOMOYO_MAX_REJECT_LOG=1024
sakura ~ # cat /proc/version
Linux version 2.6.27-ccs-hardened-r7 (r...@sakura) (gcc version 3.4.6 (Gentoo
Hardened 3.4.6-r2 p1.5, ssp-3.4.6-1.0, pie-8.7.10)) #2 SMP Tue Feb 2 18:36:49
JST 2009
sakura ~ # cat /etc/conf.d/net.br0
ifconfig_br0=(
"10.xx.xxx.xxx netmask 255.255.255.0"
)
routes_br0=(
"default gw 10.xx.xxx.x"
)
preup() {
brctl addbr br0
brctl addif br0 eth0
ifconfig eth0 0.0.0.0 up
}
sakura ~ # cat /etc/conf.d/net.eth0
sakura ~ # ls -l /etc/init.d/net*
lrwxrwxrwx 1 root root 6 Feb 2 19:49 /etc/init.d/net.br0 -> net.lo
-rwxr-xr-x 1 root root 30696 Feb 2 19:43 /etc/init.d/net.lo
-rwxr-xr-x 1 root root 3311 Feb 2 19:43 /etc/init.d/netmount
sakura ~ # cat ~/kvm.sh
#! /bin/sh
modprobe kvm_intel
modprobe tun
exec kvm -hda /var/tmp/image.img -boot d -cdrom
/var/tmp/livecd-amd64-installer-2008.0-r1.iso -m 512 -net
nic,vlan=0,model=e1000 -net tap,vlan=0 -vnc :0
The dmesg after executing ~/kvm.sh reports no errors:
sakura ~ # dmesg | tail -n 30
input: PC Speaker as /class/input/input9
0000:02:00.0: eth0: (PCI Express:2.5GB/s:Width x1) 00:16:d3:36:72:45
0000:02:00.0: eth0: Intel(R) PRO/1000 Network Connection
0000:02:00.0: eth0: MAC: 2, PHY: 2, PBA No: 005302-003
HDA Intel 0000:00:1b.0: PCI INT B -> GSI 17 (level, low) -> IRQ 17
hda_intel: probe_mask set to 0x1 for device 17aa:2010
HDA Intel 0000:00:1b.0: setting latency timer to 64
grsec: mount of devpts to /dev/pts by /bin/mount[mount:14069] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:14068] uid/euid:0/0 gid/egid:0/0
EXT3 FS on hda1, internal journal
grsec: mount of /dev/hda1 to / by /bin/mount[mount:14085] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:14073] uid/euid:0/0 gid/egid:0/0
grsec: mount of shm to /dev/shm by /bin/mount[mount:14163] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:14160] uid/euid:0/0 gid/egid:0/0
grsec: mount of usbfs to /proc/bus/usb by /bin/mount[mount:14171] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:14160] uid/euid:0/0 gid/egid:0/0
grsec: mount of securityfs to /sys/kernel/security by /bin/mount[mount:14174]
uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:14160] uid/euid:0/0 gid/egid
:0/0
Bridge firewalling registered
device eth0 entered promiscuous mode
0000:02:00.0: eth0: Link is Up 100 Mbps Full Duplex, Flow Control: None
0000:02:00.0: eth0: 10/100 speed: disabling TSO
br0: port 1(eth0) entering learning state
br0: topology change detected, propagating
br0: port 1(eth0) entering forwarding state
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
device tap0 entered promiscuous mode
br0: port 2(tap0) entering learning state
kvm: 16151: cpu0 unhandled wrmsr: 0xc0010117 data 0
br0: topology change detected, propagating
br0: port 2(tap0) entering forwarding state
kvm: emulating exchange as write
device tap0 left promiscuous mode
br0: port 2(tap0) entering disabled state
Now, will you send me your kernel 2.6.27 config?
I want to try the same kernel config.
Regards.
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
