On Tue, Aug 23, 2011 at 04:24:46PM +0100, Stefan Hajnoczi wrote:
> On Tue, Aug 23, 2011 at 12:15 PM, Daniel P. Berrange
> <berrange@xxxxxxxxxx> wrote:
> > I was at the KVM Forum / LinuxCon last week and there were many
> > interesting things discussed which are relevant to ongoing libvirt
> > development. Here was the list that caught my attention. If I have
> > missed any, fill in the gaps....
> >
> > - Sandbox/container KVM. The Solaris port of KVM puts QEMU inside
> >   a zone so that an exploit of QEMU can't escape into the full OS.
> >   Containers are Linux's parallel of Zones, and while not nearly as
> >   secure yet, it would still be worth using more containers support
> >   to confine QEMU.
>
> Can you elaborate on why Linux containers are "not nearly as secure"
> [as Solaris Zones]?

Mostly because the Linux namespace functionality is far from complete,
notably lacking proper UID/GID/capability separation, and UID/GID
virtualization wrt filesystems. The longer answer is here:

  https://wiki.ubuntu.com/UserNamespace

So at this time you can't build a secure container on Linux, relying
just on DAC alone. You have to add in a MAC layer on top of the
container to get full security benefits, which obviously defeats the
point of using the container as a backup for failure in the MAC layer.

> > - Native KVM tool. The problem statement was that the QEMU code is too
> >   big/complex & and command line args are too complex, so let's rewrite
> >   from scratch to make the code small & CLI simple. They achieve this,
> >   but of course primarily because they lack so many features compared
> >   to QEMU. They had libvirt support as a bullet point on their preso,
> >   but I'm not expecting it to replace the current QEMU KVM support in
> >   the foreseeable future, given its current level of features and the
> >   size of its dev team compared to QEMU/KVM. They did have some fun
> >   demos of booting using the host OS filesystem though. We can
> >   actually do the same with regular KVM/libvirt but there's no nice
> >   demo tool to show it off. I'm hoping to create one....
>
> Yep it's virtfs which QEMU has supported for a while. The trick is
> setting things up so that the Linux guest boots from virtfs.

It isn't actually that hard from a technical POV, it is just that most
(all?) distros' typical initrd files lack support for specifying 9p over
virtio as a root filesystem.

Daniel

-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
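The "UID/GID virtualization" Daniel says containers lacked at the time is the property that uid 0 inside the container is some unprivileged uid on the host. The following is an added example, not code from this thread or from libvirt: it parses the `/proc/<pid>/uid_map` interface that the user-namespace work linked above eventually produced (Linux 3.8 and later), where each line is `<id-inside> <id-outside> <length>`, and reports whether root inside a process's user namespace is really host root. An identity map (the state of every container in 2011, and still the state of any container that does not use user namespaces) means the container relies on DAC alone, exactly the case the message describes as needing a MAC layer on top. The sample map contents are constructed; the `pid` argument of `read_uid_map` is an assumption for live use on a Linux host.

```python
"""Check whether a process's user namespace actually virtualises UIDs.

Added example for the libvir-list thread above (not the thread's own
code). Reads /proc/<pid>/uid_map lines of the form
"<id-inside> <id-outside> <length>" and determines whether uid 0
inside the namespace is mapped to host uid 0 (no virtualisation) or
to an unprivileged host uid (virtualised).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class IdRange:
    inside: int   # first id as seen inside the namespace
    outside: int  # first id as seen in the parent (host) namespace
    length: int   # number of consecutive ids in the range


def parse_id_map(text: str) -> List[IdRange]:
    """Parse the contents of /proc/<pid>/uid_map (or gid_map)."""
    ranges = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue  # tolerate blank lines
        if len(parts) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        inside, outside, length = (int(p) for p in parts)
        if length <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"invalid id_map range: {line!r}")
        ranges.append(IdRange(inside, outside, length))
    return ranges


def outside_id(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Translate an id seen inside the namespace to the host's view.

    Returns None when the id is not covered by any range: the kernel then
    presents it as the overflow id (normally 65534, "nobody") outside.
    """
    for r in ranges:
        if r.inside <= inside_id < r.inside + r.length:
            return r.outside + (inside_id - r.inside)
    return None


def root_is_virtualised(text: str) -> bool:
    """True only if uid 0 inside maps to a non-zero uid on the host."""
    host_uid = outside_id(parse_id_map(text), 0)
    return host_uid is not None and host_uid != 0


def classify(text: str) -> str:
    """Human-readable verdict for one uid_map, for audit output."""
    ranges = parse_id_map(text)
    host_uid = outside_id(ranges, 0)
    if host_uid is None:
        return "root unmapped: uid 0 inside is the overflow id on the host"
    if host_uid == 0:
        return "identity map: uid 0 inside IS host root (DAC alone, no UID virtualisation)"
    return f"virtualised: uid 0 inside is host uid {host_uid}"


def read_uid_map(pid: str = "self") -> str:
    """Read the live map for a pid on a Linux host (assumed path layout)."""
    with open(f"/proc/{pid}/uid_map", encoding="ascii") as fh:
        return fh.read()


# Constructed sample maps (not captured from a real host).
IDENTITY_MAP = "         0          0 4294967295\n"  # init namespace / no virtualisation
SHIFTED_MAP = "         0     100000      65536\n"   # root inside -> host uid 100000
NO_ROOT_MAP = "      1000       1000          1\n"   # only uid 1000 mapped; root unmapped

if __name__ == "__main__":
    for name, sample in (("identity", IDENTITY_MAP),
                         ("shifted", SHIFTED_MAP),
                         ("no-root", NO_ROOT_MAP)):
        print(f"{name:9s} {classify(sample)}")
```

Running it against a real process (`classify(read_uid_map("1234"))` with a QEMU pid) is the check a libvirt host administrator would use to confirm that a container-confined QEMU does not hold host uid 0 behind its namespace; an identity result means the MAC layer (sVirt/SELinux or AppArmor) is the only barrier.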