On Thu, Dec 02, 2010 at 03:04:35PM -0800, Shi Jin wrote:
> > James Morris' presentation is referring to this published demonstration
> > of exploiting Xen a few years ago
> >
> >   http://www.securityfocus.com/archive/1/497376
> >   http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf
> >
> > The key difference sVirt makes is at chapter 3.4 in the paper.
> >
> > In the Xen world, there was a single SELinux domain (xend_t) that covered
> > XenD and all the QEMU processes. Since all VMs & XenD ran as the same
> > context, any exploited QEMU process in Xen could access any other
> > guest's disks, as well as any host disks.
> >
> > In the KVM + sVirt world, every QEMU process is separated by a dedicated
> > MCS category on its SELinux context. The disks assigned to a guest are
> > labelled with the same MCS category. This means that an exploited QEMU
> > can only access disks which were explicitly assigned to it, and cannot
> > access the host disk devices. This prevents the step in that paper
> > where they overwrite various key files in the host OS root filesystem.
>
> Is there any well documented KVM exploit that can be reproduced
> without too much trouble, assuming SELinux (sVirt) is turned
> off? Then I can demonstrate the effect of sVirt by turning it on.

I'm not aware of any documented KVM exploit.

Regards,
Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
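The per-guest MCS labelling described in the quoted message can be checked on a host without needing an exploit at all: list the SELinux contexts of the QEMU processes and of the disk images, and work out which images each process could reach under type enforcement plus MCS category dominance. The script below is an added example and is not code from this thread or from libvirt. It parses constructed output in the shape of `ps -eZ` and `ls -Z` (the PIDs, categories and paths are made up), and it models the policy with a deliberately reduced set of allowed type pairs (an assumption; the real policy is far larger). It also shows the single-domain Xen layout from the message, where every qemu-dm runs as xend_t with no categories, so each one reaches every guest disk.

```python
"""Check per-guest sVirt isolation from SELinux contexts.

Added example (not libvirt code). The sample `ps -eZ` / `ls -Z` output and
the ALLOWED type pairs are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    cats: FrozenSet[int]  # MCS categories of the (high) level


def parse_context(ctx: str) -> Context:
    """Split 'user:role:type:level' and expand the level's MCS categories.
    Levels look like 's0', 's0:c12,c873' or 's0-s0:c0.c1023' (a range)."""
    user, role, typ, level = ctx.split(":", 3)
    high = level.split("-")[-1]  # for a range, the high level bounds access
    cats: Set[int] = set()
    if ":" in high:
        for tok in high.split(":", 1)[1].split(","):
            if "." in tok:  # 'c0.c1023' means every category in between
                lo, hi = tok.split(".")
                cats.update(range(int(lo[1:]), int(hi[1:]) + 1))
            else:
                cats.add(int(tok[1:]))
    return Context(user, role, typ, frozenset(cats))


def parse_ps(ps_output: str) -> Dict[int, Tuple[str, Context]]:
    """`ps -eZ` style lines: LABEL PID TTY TIME CMD -> {pid: (cmd, context)}."""
    procs = {}
    for line in ps_output.strip().splitlines():
        f = line.split()
        procs[int(f[1])] = (f[-1], parse_context(f[0]))
    return procs


def parse_ls(ls_output: str) -> Dict[str, Context]:
    """`ls -Z` style lines reduced to LABEL PATH -> {path: context}."""
    return {f[-1]: parse_context(f[0])
            for f in (line.split() for line in ls_output.strip().splitlines())}


# Modelled type-enforcement rules (assumption: reduced to what the thread
# discusses). svirt_t may only touch svirt_image_t; in the single-domain Xen
# layout everything runs as xend_t and may touch xen_image_t.
ALLOWED = {("svirt_t", "svirt_image_t"),
           ("virtd_t", "svirt_image_t"),
           ("xend_t", "xen_image_t")}


def can_access(subj: Context, obj: Context) -> bool:
    """Type enforcement first, then MCS: the subject's categories must dominate
    (be a superset of) the object's. An image labelled with no categories is
    therefore reachable by every svirt_t process, whatever its own categories."""
    return (subj.type, obj.type) in ALLOWED and subj.cats >= obj.cats


def reachable_disks(ps_output: str, ls_output: str,
                    comm: str = "qemu-kvm") -> Dict[int, List[str]]:
    """For each process named `comm`, the disk paths it could open."""
    disks = parse_ls(ls_output)
    out: Dict[int, List[str]] = {}
    for pid, (name, ctx) in parse_ps(ps_output).items():
        if name == comm:
            out[pid] = sorted(p for p, octx in disks.items() if can_access(ctx, octx))
    return out


def shared_disks(reach: Dict[int, List[str]]) -> List[str]:
    """Paths reachable by more than one guest: a labelling gap worth fixing."""
    count: Dict[str, int] = {}
    for paths in reach.values():
        for p in paths:
            count[p] = count.get(p, 0) + 1
    return sorted(p for p, n in count.items() if n > 1)


# Constructed sample: KVM + sVirt host. shared.img has no category (s0 only).
SVIRT_PS = """\
system_u:system_r:svirt_t:s0:c12,c873     1201 ?  00:00:11 qemu-kvm
system_u:system_r:svirt_t:s0:c44,c601     1307 ?  00:00:09 qemu-kvm
system_u:system_r:virtd_t:s0-s0:c0.c1023   990 ?  00:00:02 libvirtd
"""
SVIRT_LS = """\
system_u:object_r:svirt_image_t:s0:c12,c873 /var/lib/libvirt/images/guest-a.img
system_u:object_r:svirt_image_t:s0:c44,c601 /var/lib/libvirt/images/guest-b.img
system_u:object_r:svirt_image_t:s0          /var/lib/libvirt/images/shared.img
system_u:object_r:etc_t:s0                  /etc/passwd
"""
# Constructed sample: single-domain Xen layout, everything in xend_t.
XEN_PS = """\
system_u:system_r:xend_t:s0   2100 ?  00:00:05 xend
system_u:system_r:xend_t:s0   2201 ?  00:00:11 qemu-dm
system_u:system_r:xend_t:s0   2307 ?  00:00:09 qemu-dm
"""
XEN_LS = """\
system_u:object_r:xen_image_t:s0 /var/lib/xen/images/dom1.img
system_u:object_r:xen_image_t:s0 /var/lib/xen/images/dom2.img
"""

if __name__ == "__main__":
    for label, ps, ls, comm in (("sVirt", SVIRT_PS, SVIRT_LS, "qemu-kvm"),
                                ("Xen", XEN_PS, XEN_LS, "qemu-dm")):
        reach = reachable_disks(ps, ls, comm)
        print(label, reach, "shared:", shared_disks(reach))
```

On the sVirt sample each QEMU reaches only its own image plus `shared.img`, and `/etc/passwd` is out of reach because svirt_t has no rule for etc_t regardless of categories; `shared.img`, labelled s0 with no category, is flagged because both guests can reach it, which is the state a disk is in when it has been labelled by hand rather than by libvirt. On the Xen sample both qemu-dm processes reach both images, which is the cross-guest access the quoted message describes.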