Martin Lucina
Martin Lucina
@adamsteen Moving the SSP discussion to #293 which I've re-opened.
@hannesm I've started a thread on `freebsd-virtualization@` about this, archives here: https://marc.info/?l=freebsd-virtualization&m=154470008622609&w=2
@adamsteen Thanks, keep me up to date on how it goes. For the purposes of testing, you can use the test_nox at https://github.com/mato/solo5/tree/enforce-nox, and temporarily hack in the call to...
@hannesm Sorry about the dissapearance of that branch. Take a look at [enforce-nox-v2](https://github.com/mato/solo5/tree/enforce-nox-v2) which I just pushed, this only includes the tests but does not hook them up yet. Interestingly,...
@hannesm I've merged the W^X tests (and enabled some combinations) in #363. Regarding the KVM behaviour, it turns out that KVM does not support marking pages as NX from the...
Done. (Note to self: Update the status on this issue to make it clear where we're at with the various hvt/host combinations)
Yeah, I know. My plan here is to try and see if I can get the `spt` tender to unmap _everything_ from its process address space before jumping into the...
There are other reasons for keeping the tender for spt, I don't expect that to go away any time soon. Among other things, the recently merged build changes open the...
#479 opens up a path to fix this, since we now have the generated BPF seccomp filter available and load it directly. Rough sketch of how it could be done:...
See also #334.