On Thu, Feb 26, 2009 at 04:42:59PM +, Daniel P. Berrange wrote:
This patch is more focused on access control. CGroups has a controller
that enforces ACLs on device nodes. This allows us to restrict exactly
what block/character devices a guest is allowed to access. So in the
absence of something like SELinux sVirt, you can get a degree of
isolation between VM