On Fri, Oct 12, 2012 at 12:06:44PM +0200, Gerd Hoffmann wrote: > Hi, > > >>> I just tried out getting rid of the bridges by default. > >> > >> That clearly raises the question which devices should be created > >> automatically by -M q35. I think the devices which are part of the ich9 > >> chipset should be there by default. /me looks at my laptop which > >> happens to have a ich9 chipset. > > > > The reason this is a bad idea is very simple: we only have a way to add > > devices not to remove them. So if you miss a device which your guest > > needs, it is easy to add, but there is no way to remove. > > Why would you want remove devices? They don't harm when present.
Yes they do, they increase attack surface on hypervisor. -- MST
