Gentoo, a friend of Devuan's run in Qemu/Libvirt with grsecurity policy enabled (12)


To understand how much work it is for me (and the American very dear to me, to whom lots of us are thankful for his privacy-friendly revelations, so useful for democracy in the world, is quoted to have said how --paraphrasing-- grsecurity is too hard to be easily used by the general public), you should visit the developing topic in the grsecurity forums.

Libvirt virtualization policies

So, I installed --in the libvirt way-- the Gentoo installation CD with virt-install, and ran it with virt-viewer.

Importantly, virt-install is part of my sans-dbus virt-manager installation. dbus --or d-bus-- is not in my system; it's a dangerous friend of systemd's, and I don't want it at home here:

GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)

---

First I had to run it with grsecurity's RBAC policy disabled.

dump_170306_0026_g0n.pcap

---

Then I eventually (see how complex it is in the grsecurity forums topic linked above) figured out what was missing in the policy, and I ran it with grsecurity enabled --with the programs around libvirt in learning mode.

dump_170306_1430_g0n.pcap

---

The files necessary for this study are listed in:

ls-1pg12

dump_170306_0026_g0n.pcap
dump_170306_0026_g0n_SSLKEYLOGFILE.txt
dump_170306_1430_g0n.pcap
Screen_170306_0026_g0n.webm
Screen_170306_1430_g0n.webm

and verify against: ls-1pg12.sum, signed by: ls-1pg12.sum.asc

You might find the dump_dlo.sh script from my uncenz program more useful than downloading each file separately.