Anthony Liguori wrote: > James Morris wrote: > >> On Fri, 20 Jul 2007, Daniel P. Berrange wrote: >> >> >> >>> It could be - if your put the policy at the control API layer instead of >>> in QEMU itself. >>> >>> >> Then you can bypass MAC security by invoking qemu directly. >> >> > > You can bypass MAC security by writing your own binary that uses the KVM > kernel interfaces. > >
I guess modifying qemu makes sense if the modification gives you *more* permissions. i.e. you start out just with the ability to access the disk image, and then you transition to a new domain that allows you to access some network. Is that what is intended here? -- Do not meddle in the internals of kernels, for they are subtle and quick to panic. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ kvm-devel mailing list kvm-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/kvm-devel
