Re: Direct Kernel Boot and Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jun 24, 2018 at 21:19:06 +0000, procmem wrote:
> Hi. What are the security implications for the host when using direct
> kernel boot for guests that are potentially malicious? Is guest

The same as for any VM. The only factor may be how the kernel for the
guest is obtained. If the kernel and initrd are present on the host it's
as every other VM.

Obviously if you try to get the kernel/initrd from the guest/VM image
there are security implications e.g. by mounting the image on the host.

> filesystem data saved to an emulated drive or directly on the host? [0]

This depends solely on the configuration of the <disk> so anything
related to that applies.

> Direct boot seems like an otherwise more efficient way to do things.
> 
> [0] It was discovered that tenants using cloud infrastructure that used
> LVM were able to recover deleted sensitive data from others however
> emulated drives control the data available to the guest at a very low
> level and consequently don't suffer from this huge disadvantage.

Using a qcow2 image as a file can avoid this. Just set your disks
correctly.

> 
> _______________________________________________
> libvirt-users mailing list
> libvirt-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvirt-users

Attachment: signature.asc
Description: PGP signature

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users

[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux