Kernel config for a Gentoo KVM guest

[micxer]

Hi folks,

I'm in the process of setting up my new VServer that is hosted on a KVM host. After digging through a lot of KVM related posts in this forum, I already got some pointers about CFLAGS and such things but what I didn't found in the web and in the forums was a demo kernel config for a Gentoo x86_64 KVM guest.

I might be a bit too concernced about that but I'd like to have a kernel that's as slim as possible. My main problem are the drivers I need to access the virtualized devices of the host system. I found several references to Pappy's Kernel seeds. Are they also a good point to start with a KVM guest kernel config or is there another resource I'm not aware of for getting me started with configuring my kernel?

Thanks for any hints.

[cach0rr0]

pappy's seeds are definitely a great starting point for this - that's what I use for my KVM guests, and all gentoo kernels I use actually

I can give you an example config, however it will be for hardened-sources

The other thing to remember, the drivers you select in your kernel will vary based upon how you start up your KVM guest. For mine, I use VIRTIO stuff everywhere. If you use the same, the best thing to do is start with one of Pappy's seeds, enable the file system support you need, and then use menuconfig's search facility (hit the forward /slash), and search for 'VIRTIO' - you need to, at a minimum, enable these:

[micxer]

Thanks for all the info. I will go with pappy's seeds then and the hardened sources. It will have to survive "the internet" so I'm trying to be as thorough as possible in securing it. Also I've used Gentoo for a long time for my small home server and I didn't know about the search feature of menuconfig

Since I'm new to KVM and I just use the VServer instance at a hosting company I have no access nor any information what exact KVM host configuration they use and how they start my guest system. But as for the VIRTIO stuff, my lspci reads as follows:

[cach0rr0]

bah...ok, seems they're not doing virtio except for balloon. shame.

On mine it's:

[micxer]

Thanks for the advice so far and sorry for not getting back yet. I had quite a lot of work and wasn't that motivated to also sit in front of a screen in the evenings. Anyway I think I can give it a try this weekend and I'm looking forward to my first hardened Gentoo server

[Loggy]

This is a really useful post as I am trying to do much the same, albeit using a patched kernel on Ubuntu 10.04 LTS rather than Gentoo - I didn't really want to compile everything .

My problem is that I am piloting a service on an old PE1850 that is sitting noisily in my office but that doesn't have VT enabled chips! I have stripped the kernel down and at 2MB it is almost monolithic [2.6.32.28 vanilla patched (of course) with grsecurity]. It will be monolithic once I have set a boot partition that is ext2 rather than ext3 .

My target is a cloud system that uses KVM so I wanted to know what drivers to include so I could just upload the kernel and header .debs and install. I don't mind leaving the few PE1850 drivers etc in - that's no overhead - but I didn't want a module-fest with exposed handles and symbols all over the place.

I think your answers have helped a lot here - I will be trying to upload in the next week or so so I wll let you know...

So thanks 10^6

[micxer]

I finally managed to complete all steps and the server is running. Thanks again for the advice and if anyone needs a little guidance to setup a server with Gentoo and KVM and doesn't want to go through the trouble of collecting all information needed to get started, have a look at http://micxer.de/blog/plugin/tag/kvm .

[cloc3]