On 09/16/2009 06:27 PM, Arnd Bergmann wrote: > That scenario is probably not so relevant for KVM, unless you > consider the guest taking over the qemu host process a valid > security threat. >
It is. We address it by using SCM_RIGHTS for all sensitive operations and selinuxing qemu as tightly as possible. -- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain. _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/virtualization
