On 12/30/2013 08:44 AM, adrelanos wrote: > Hi, > > I am currently working on testing out KVM as a platform for Whonix, a > Debian based spin with anonymity enforcement via usage of virtual > machines. All traffic from a workstation vm is forced through a Tor > gateway on the second gateway vm. Safeguarding against high level > attacks (0days and advanced persistent threats) is our top priority and > so right now we are hammering out the details of what virtual hardware > should be attached into the vms. > > In your opinion is enabling SPICE and 2D acceleration via QXL+vdagent in > the guest, a security risk to the host? Consider this question in a > scenario where the host is a RedHat derivative that has SElinux and > secomp enabled for QEMU. We want to find out whether this is a case of > security vs convenience.
Enabling spice adds more code running on the host in the same context as the qemu process (libspice-server is linked to qemu), so I'd say yes (not sure what risk is acceptable, or what risk means exactly, but it is a risk in the english sense :). > > Thanks for you time. > _______________________________________________ > Spice-devel mailing list > Spice-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/spice-devel > _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
