Hello, I`ve found that the currently end-user may not migrate a VM between nodes with different security_require_confined, what are reasons to forbid such a thing? The security measures are almost not applicable here - if the guest was able to poison the emulator` stack on an unsecured node, he may do the same on a secured one, though the potential consequences will be far more limited. Are there any real-world cases whose prohibition may be helpful in a terms of security measurements for migration I am currently missing? I think it would be safe to exclude total poisoning of a source node in which case libvirtd itself is owned and can try to send a malicious configuration (with changed backing files locations for example). Thanks! _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
