Re: [PATCH RFC v2 00/13] IOMMUFD Generic interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 22, 2022 at 12:06:33PM +0100, Daniel P. Berrangé wrote:

> So per-user locked mem accounting looks like a regression in
> our VM isolation abilities compared to the per-task accounting.

For this kind of API the management app needs to put each VM in its
own user, which I'm a bit surprised it doesn't already do as a further
protection against cross-process concerns.

The question here is how to we provide enough compatability for this
existing methodology while still closing the security holes and
inconsistencies that exist in the kernel implementation.

Jason





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux