Mailing List Archive

virtualization
Hi!

Ok, let's forget about VMware/VirtualBox, 3D acceleration, MacOSX…

I want all of this, but, hell, I can probably live without it.

Is there __ANY__ way to run at least Win7 on 64-bit hardened Gentoo
with good enough speed for comfortable use (on fast enough modern system:
Core i7 @ 4.6GHz + GeForce GTX 560 Ti using x11-drivers/nvidia-drivers)?

Actually, do programmers use hardened Gentoo at all? I'm a programmer, and
I need to test my code. And this means I need to test portability issues
too. So, I need to be able to run both 32- and 64-bit versions of
different OSes. How do you guys live without that since about 2.6.39 (when
virtualization support was broken in hardened)?

--
WBR, Alex.
Re: virtualization
On Dec 22, 2012 3:39 PM, "Alex Efros" <powerman@powerman.name> wrote:
> Is there __ANY__ way to run at least Win7 on 64-bit hardened Gentoo
> with good enough speed for comfortable use (on fast enough modern system:
> Core i7 @ 4.6GHz + GeForce GTX 560 Ti using x11-drivers/nvidia-drivers)?
[...]
> How do you guys live without that since about 2.6.39 (when
> virtualization support was broken in hardened)?

I've been running virtualized guests on kvm for quite some time now on
Gentoo Hardened. Even Win7 although I haven't booted that one in over 6
months.
Re: virtualization
On 12/22/2012 09:37 AM, Alex Efros wrote:
> Hi!
>
> Ok, let's forget about VMware/VirtualBox, 3D acceleration, MacOSX…
>
> I want all of this, but, hell, I can probably live without it.
>
> Is there __ANY__ way to run at least Win7 on 64-bit hardened Gentoo
> with good enough speed for comfortable use (on fast enough modern system:
> Core i7 @ 4.6GHz + GeForce GTX 560 Ti using x11-drivers/nvidia-drivers)?
>
> Actually, do programmers use hardened Gentoo at all? I'm a programmer, and
> I need to test my code. And this means I need to test portability issues
> too. So, I need to be able to run both 32- and 64-bit versions of
> different OSes. How do you guys live without that since about 2.6.39 (when
> virtualization support was broken in hardened)?
>

Use KVM, it works well enough. The libvirt and virt-manager stuff was
more trouble than it was worth the last time I tried, but you can create
simple shell scripts to launch your VMs. For example,

$ cat bin/xp32
#!/bin/bash
qemu-kvm \
-m 2048 \
-localtime \
-daemonize \
-sdl \
-k en-us \
-soundhw all \
-hda "$1"

I also have, running my school copies of Mathematica et al.,

$ cat bin/math
#!/bin/bash
qemu-kvm \
-m 3192 \
-cpu kvm64 \
-smp 2 \
-sdl \
-daemonize \
-k en-us \
-drive file=/mnt/storage/kvm/math.img,media=disk,index=0,if=virtio
Re: virtualization
Hi!

On Sat, Dec 22, 2012 at 10:39:08AM -0500, Michael Orlitzky wrote:
> Use KVM, it works well enough. The libvirt and virt-manager stuff was

I've spent these days playing with it. I've converted Win7 64-bit from my
VMware and after fixing a lot of things here and there finally got it to work.
It's a little slower than in VMware, but fast enough so it's ok.
Video (including youtube/flash) is too slow to be usable, but I don't need it.
Everything else works ok.

I haven't tried Win7 32-bit or XP yet, but I believe they'll work too…
after fixing a lot of other things here and there, of course.

But, the sad truth is, I also need MacOSX. Because sometimes something
doesn't work there and I need to test/fix it. Moreover, most users use
the latest MacOSX version, so I need that one. Or, at least, Lion (10.7).
But, according to http://www.contrib.andrew.cmu.edu/~somlo/OSXKVM/
it looks like neither 10.7 nor 10.8 works in qemu at all, and 10.6 requires
linux kernel patches (which I don't like because it's a maintenance headache).
All successful reports related to running MacOSX in qemu which I was able
to find are about 10.5, which is too old for my needs (there is also one
10.6 preinstalled image on torrents which pretends to be compatible with
VMware, VirtualBox and RHEV (and thus qemu), but I didn't see anyone
really use that on RHEV, so it may be fake).


So, it looks like until VMware/VirtualBox support is fixed for amd64
hardened, I can't do my work without maintaining a second non-hardened
kernel and rebooting between hardened and non-hardened kernels each time I
need to test something in other OSes. :(

--
WBR, Alex.
Re: virtualization
Hi!

On Wed, Dec 26, 2012 at 02:04:34AM +0200, Alex Efros wrote:
> So, it looks like until VMware/VirtualBox support is fixed for amd64
> hardened, I can't do my work without maintaining a second non-hardened
> kernel and rebooting between hardened and non-hardened kernels each time I
> need to test something in other OSes. :(

Good news!
VirtualBox now works with hardened kernel if these options are disabled:
[ ] Enforce non-executable kernel pages
[ ] Randomize kernel stack base


https://bugs.gentoo.org/show_bug.cgi?id=382793

--
WBR, Alex.
Re: virtualization
On Tue, 6 Aug 2013 02:14:25 +0300
Alex Efros <powerman@powerman.name> wrote:

> Good news!
> VirtualBox now works with hardened kernel if these options are disabled:
> [ ] Enforce non-executable kernel pages
> [ ] Randomize kernel stack base

I wouldn't call such news good. KERNEXEC, especially on x86_64, plays a
big role in protecting the kernel from both local and remote attacks.
KVM doesn't require such arguable compromises (no pun intended).
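
A way to check which side of this trade-off a given kernel build is on, as an added example that is not part of the thread: the script below reports whether the two options named above are enabled in a kernel config. It assumes the PaX Kconfig symbols CONFIG_PAX_KERNEXEC ("Enforce non-executable kernel pages") and CONFIG_PAX_RANDKSTACK ("Randomize kernel stack base"); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the two PaX features
# the thread says VirtualBox needs disabled are enabled in a kernel config.
# CONFIG_PAX_KERNEXEC   = "Enforce non-executable kernel pages"
# CONFIG_PAX_RANDKSTACK = "Randomize kernel stack base"

# load_config FILE: print the config text; handles a gzip'd /proc/config.gz.
load_config() {
    case $1 in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# opt_state TEXT OPTION: print enabled | disabled | absent.
opt_state() {
    if printf '%s\n' "$1" | grep -qx "$2=y"; then
        echo enabled
    elif printf '%s\n' "$1" | grep -qx "# $2 is not set"; then
        echo disabled
    else
        echo absent   # symbol unknown to this tree, e.g. a non-PaX kernel
    fi
}

# audit_config FILE: one line per option; status 1 if any is not enabled,
# status 2 if the file could not be read.
audit_config() {
    text=$(load_config "$1") || return 2
    rc=0
    for opt in CONFIG_PAX_KERNEXEC CONFIG_PAX_RANDKSTACK; do
        state=$(opt_state "$text" "$opt")
        echo "$opt: $state"
        [ "$state" = enabled ] || rc=1
    done
    return "$rc"
}

# Constructed sample: a config fragment with both options switched off,
# i.e. a kernel built the way the VirtualBox workaround requires.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_PAX=y' '# CONFIG_PAX_KERNEXEC is not set' \
    '# CONFIG_PAX_RANDKSTACK is not set' > "$demo_dir/vbox.config"
audit_config "$demo_dir/vbox.config" || echo "WARNING: kernel hardening reduced"
rm -rf "$demo_dir"
```

On a running system, point `audit_config` at `/proc/config.gz` (if the kernel exposes it) or at the `.config` the kernel was built from.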
Re: virtualization
Hi!

On Tue, Aug 06, 2013 at 12:58:12PM +0800, Pavel Labushev wrote:
> I wouldn't call such news good. KERNEXEC, especially on x86_64, plays a
> big role in protecting the kernel from both local and remote attacks.
> KVM doesn't require such arguable compromises (no pun intended).

True. But KVM is unable to run Mac OS X, that's the main reason to use VirtualBox.
Less important things: KVM doesn't support 3D acceleration; doesn't have
signed drivers for guest Windows (and thus requires switching Windows to
"Testing mode" to install drivers); sometimes it needs awful tricks like
building a custom BIOS from patched sources; I can't give my KVM virtual
machines to friends who use Windows as host OS; etc.
KVM works and this is very good, but for now it's still far away from real
products like VMware or VirtualBox.

--
WBR, Alex.
Re: virtualization
On 08/06/13 13:04, Alex Efros wrote:
> On Tue, Aug 06, 2013 at 12:58:12PM +0800, Pavel Labushev wrote:
>> I wouldn't call such news good. KERNEXEC, especially on x86_64, plays a
>> big role in protecting the kernel from both local and remote attacks.
>> KVM doesn't require such arguable compromises (no pun intended).
>
> True. But KVM is unable to run Mac OS X, that's the main reason to use VirtualBox.
> Less important things: KVM doesn't support 3D acceleration; doesn't have
> signed drivers for guest Windows (and thus requires switching Windows to
> "Testing mode" to install drivers); sometimes it needs awful tricks like
> building a custom BIOS from patched sources; I can't give my KVM virtual
> machines to friends who use Windows as host OS; etc.

I have no Windows license to test this, but as far as I found these
drivers should be signed:

https://alt.fedoraproject.org/pub/alt/virtio-win/latest/

- Matthias-Christian
Re: virtualization
On 08/06/2013 05:09 PM, Matthias-Christian Ott wrote:
> On 08/06/13 13:04, Alex Efros wrote:
>> On Tue, Aug 06, 2013 at 12:58:12PM +0800, Pavel Labushev wrote:
>>> I wouldn't call such news good. KERNEXEC, especially on x86_64, plays a
>>> big role in protecting the kernel from both local and remote attacks.
>>> KVM doesn't require such arguable compromises (no pun intended).
>>
>> True. But KVM is unable to run Mac OS X, that's the main reason to use VirtualBox.
>> Less important things: KVM doesn't support 3D acceleration; doesn't have
>> signed drivers for guest Windows (and thus requires switching Windows to
>> "Testing mode" to install drivers); sometimes it needs awful tricks like
>> building a custom BIOS from patched sources; I can't give my KVM virtual
>> machines to friends who use Windows as host OS; etc.
>
> I have no Windows license to test this, but as far as I found these
> drivers should be signed:
>
> https://alt.fedoraproject.org/pub/alt/virtio-win/latest/
>
> - Matthias-Christian
>
I've used Fedora's virtio drivers with Windows 8 before (Windows 8.1
actually).

--
-- Matthew Thode (prometheanfire)