> James Morris' presentation is referring to this published demonstration
> of exploiting Xen a few years ago
>
> http://www.securityfocus.com/archive/1/497376
> http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf
>
> The key difference sVirt makes is at chapter 3.4 in the paper.
>
> In Xen world, there was a single SELinux domain (xend_t) that covered
> XenD and all the QEMU processes. Since all VMs & XenD ran as the same
> context, any exploited QEMU process in Xen could access any other
> guest disks, as well as any host disks.
>
> In the KVM + sVirt world, every QEMU process is separated by a dedicated
> MCS category on its SELinux context. The disks assigned to a guest are
> labelled with the same MCS category. This means that an exploited QEMU
> can only access disks which were explicitly assigned to it, and cannot
> access the host disk devices. This prevents the step in that paper
> where they overwrite various key files in the host OS root filesystem.
>
> Regards,
> Daniel

Cool! Is there any well documented KVM exploit that can be reproduced without too much trouble, assuming SELinux (sVirt) is turned off? Then I can demonstrate the effect of sVirt by turning it on.

Thank you very much.

Shi

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list