On Thu, May 17, 2012 at 10:02:01PM +0800, Zhi Yong Wu wrote:
On Thu, May 17, 2012 at 9:42 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
On Fri, May 04, 2012 at 11:28:47AM +0800, Zhi Yong Wu wrote:
On Tue, May 1, 2012 at 11:31 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
On Fri, May 04, 2012 at 11:28:47AM +0800, Zhi Yong Wu wrote:
On Tue, May 1, 2012 at 11:31 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
Libvirt can take advantage of SELinux to restrict the QEMU process and prevent
it from opening files that it should not have access to. This
On Thu, May 17, 2012 at 9:42 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
On Fri, May 04, 2012 at 11:28:47AM +0800, Zhi Yong Wu wrote:
On Tue, May 1, 2012 at 11:31 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
Libvirt can take advantage of SELinux to restrict the QEMU
On Thu, May 17, 2012 at 9:42 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
On Fri, May 04, 2012 at 11:28:47AM +0800, Zhi Yong Wu wrote:
On Tue, May 1, 2012 at 11:31 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
Libvirt can take advantage of SELinux to restrict the QEMU
On Tue, May 1, 2012 at 11:31 PM, Stefan Hajnoczi
stefa...@linux.vnet.ibm.com wrote:
Libvirt can take advantage of SELinux to restrict the QEMU process and prevent
it from opening files that it should not have access to. This improves
security because it prevents the attacker from escaping the
On Tue, May 01, 2012 at 04:31:42PM +0100, Stefan Hajnoczi wrote:
Libvirt can take advantage of SELinux to restrict the QEMU process and prevent
it from opening files that it should not have access to. This improves
security because it prevents the attacker from escaping the QEMU process if
On 01/05/2012 22:56, Eric Blake wrote:
What sort
of timing restrictions are there? For example, the proposed
'drive-reopen' command (probably now delegated to qemu 1.2) would mean
that qemu would be calling back into libvirt in order to do the reopen.
If libvirt takes its time in
On 02/05/2012 11:56, Daniel P. Berrange wrote:
I tend to agree - we have been talking about -blockdev for far too long
without (AFAICT) making any real progress towards getting it done. I'd
love to see someone bite the bullet and have a go at implementing it
Having a spec would help
Libvirt can take advantage of SELinux to restrict the QEMU process and prevent
it from opening files that it should not have access to. This improves
security because it prevents the attacker from escaping the QEMU process if
they manage to gain control.
NFS has been a pain point for SELinux
Thanks for sending this out Stefan.
On 05/01/2012 10:31 AM, Stefan Hajnoczi wrote:
Libvirt can take advantage of SELinux to restrict the QEMU process and prevent
it from opening files that it should not have access to. This improves
security because it prevents the attacker from escaping the
On 05/01/2012 02:25 PM, Anthony Liguori wrote:
Thanks for sending this out Stefan.
Indeed.
This series adds the -open-hook-fd command-line option. Whenever QEMU needs to
open an image file it sends a request over the given UNIX domain socket. The
response includes the file descriptor or