On 05/28/2010 10:46 AM, Cole Robinson wrote: >> Leaving qemu privileged means that a compromised guest can exploit the >> privileges and do damage to the hypervisor; is it worth adding >> additional comments warning the user about the lack of security inherent >> in clearing the option? >> > > How about > > # If clear_emulator_capabilities is enabled, libvirt will drop all > # privileged capabilities of the QEmu/KVM emulator. This is enabled by # > default. > # > # Warning: Disabling this option means that a compromised guest can > # exploit the privileges and possibly do damage to the host. Sounds good to me with that wording. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list