Stefan Berger <stef...@linux.vnet.ibm.com> writes:

> It depends on what one defends against. If a jail-break succeeds and
> open() is disabled, then that attack surface was effectively reduced.
> It's hard to say whether opening files within libvirt could then allow
> new exploits.

Well, in the very least, libvirt is doing the open() as root whereas QEMU does it as an unprivileged user.

Regards,

Anthony Liguori

>
> Stefan