On Sun, Jun 24, 2018 at 21:19:06 +0000, procmem wrote: > Hi. What are the security implications for the host when using direct > kernel boot for guests that are potentially malicious? Is guest The same as for any VM. The only factor may be how the kernel for the guest is obtained. If the kernel and initrd are present on the host it's as every other VM. Obviously if you try to get the kernel/initrd from the guest/VM image there are security implications e.g. by mounting the image on the host. > filesystem data saved to an emulated drive or directly on the host? [0] This depends solely on the configuration of the <disk> so anything related to that applies. > Direct boot seems like an otherwise more efficient way to do things. > > [0] It was discovered that tenants using cloud infrastructure that used > LVM were able to recover deleted sensitive data from others however > emulated drives control the data available to the guest at a very low > level and consequently don't suffer from this huge disadvantage. Using a qcow2 image as a file can avoid this. Just set your disks correctly. > > _______________________________________________ > libvirt-users mailing list > libvirt-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvirt-users
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
