On 09/04/2014 08:37 PM, bancfc@xxxxxxxxxxxxxxx wrote: > Hello. I am thinking about using the feature of passing through qemu > commands via libvirt. Before I do that I want to make sure that it > doesn't have negative security implications. Only if the actions you do through the backdoor cause something to happen behind libvirt's back in a way that makes libvirt misbehave. It's enough of a risk that the interface is explicitly declared unsupported; but if you only use it for QMP query-* commands, which cannot change qemu state, and therefore cannot confuse libvirt, you probably have no security risk. > > I understand that talking to qemu-kvm directly via commandline strips > vms from having sVirt protections applied. > > Is use of this feature the same case? The domain is still started by libvirt, so sVirt is still in full force. Using virDomainQemuMonitorCommand is indeed a reasonable way to get through to the qemu monitor while still keeping the security labels intact. Where it gets tricky is what commands you use - better would be patching libvirt to support those actions as a proper supported API. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list