On Wed, May 13, 2015 at 12:38:23PM -0400, Chuck Anderson wrote:
> In the news:
>
> http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/
>
> http://venom.crowdstrike.com/
>
> I'm wondering how SELinux/SVirt can protect against this?
>
> https://libvirt.org/drvqemu.html#securitysvirt
>
> My guess is that if an attacker subverts a qemu-kvm guest, they cannot
> use that to access other VMs. But can they still crash the other
> guests or the host itself?

sVirt confines each QEMU process. So while you can crash the QEMU process
associated with your own guest, you should not be able to escalate from there
to take over the host, nor be able to compromise other guests on the same host.
The attacker would need to find a second independent security flaw to let them
escape SELinux in some manner, or some way to trick libvirt via its QEMU monitor
connection. Nothing is guaranteed 100% foolproof, but in absence of other known
bugs, sVirt provides good anti-venom for this flaw IMHO.

Regards,
Daniel

--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
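The isolation Daniel describes only holds if every QEMU process on the host actually runs under the sVirt type with its own pair of MCS categories. The script below is an added example (not from the thread, libvirt, or Daniel) that audits `ps -eZ` output for exactly that: it flags QEMU processes that are not labelled `svirt_t` at all, and QEMU processes that share a category pair with another guest, which would leave SELinux unable to separate the two. It assumes the standard `ps -eZ` column layout (LABEL PID TTY TIME CMD), the `svirt_t:s0:cX,cY` label form libvirt's sVirt driver uses, and the process names `qemu-kvm` / `qemu-system-x86_64`; the sample output embedded below is constructed, with invented PIDs and categories.

```python
import re
from collections import defaultdict

# Constructed `ps -eZ`-style output (SELinux label, PID, TTY, TIME, CMD).
# Labels follow the sVirt convention discussed in the thread: each QEMU
# process runs as svirt_t with its own pair of MCS categories. Every value
# here is invented for this example; PID 1402 deliberately reuses the
# categories of PID 1201 (in the other order) and PID 1510 is deliberately
# running outside svirt_t.
SAMPLE_PS = """\
LABEL                                      PID TTY          TIME CMD
system_u:system_r:svirt_t:s0:c117,c452    1201 ?        00:00:11 qemu-kvm
system_u:system_r:svirt_t:s0:c88,c301     1377 ?        00:00:09 qemu-kvm
system_u:system_r:svirt_t:s0:c452,c117    1402 ?        00:00:02 qemu-kvm
system_u:system_r:unconfined_t:s0         1510 ?        00:00:01 qemu-kvm
system_u:system_r:sshd_t:s0-s0:c0.c1023   1024 ?        00:00:00 sshd
"""

# An sVirt-confined QEMU process: svirt_t at level s0 with two categories.
SVIRT_RE = re.compile(r"^system_u:system_r:svirt_t:s0:(c\d+),(c\d+)$")


def parse_ps(text):
    """Return (label, pid, command) tuples from ps -eZ output, skipping the header."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[1].isdigit():
            continue  # header line or something we cannot parse
        rows.append((parts[0], int(parts[1]), parts[-1]))
    return rows


def category_pair(label):
    """Return the MCS category pair of an sVirt label as a sorted tuple, or None.

    Sorting numerically makes 'c452,c117' and 'c117,c452' compare equal, since
    the order of categories in the label does not change the policy decision.
    """
    m = SVIRT_RE.match(label)
    if not m:
        return None
    return tuple(sorted(m.groups(), key=lambda c: int(c[1:])))


def audit_qemu_labels(text, qemu_names=("qemu-kvm", "qemu-system-x86_64")):
    """Check that every QEMU process is confined by sVirt with a unique category pair.

    Returns {"unconfined": [pids not running as svirt_t],
             "shared": {category_pair: [pids sharing it]}}.
    Either finding means a compromised QEMU would not be isolated the way the
    thread assumes: an unconfined process is not restricted by sVirt at all,
    and two guests with the same categories are not separated from each other.
    """
    unconfined = []
    by_pair = defaultdict(list)
    for label, pid, comm in parse_ps(text):
        if comm not in qemu_names:
            continue
        pair = category_pair(label)
        if pair is None:
            unconfined.append(pid)
        else:
            by_pair[pair].append(pid)
    shared = {pair: pids for pair, pids in by_pair.items() if len(pids) > 1}
    return {"unconfined": unconfined, "shared": shared}


if __name__ == "__main__":
    report = audit_qemu_labels(SAMPLE_PS)
    for pid in report["unconfined"]:
        print(f"PID {pid}: QEMU process not confined by sVirt (not svirt_t)")
    for pair, pids in report["shared"].items():
        print(f"categories {','.join(pair)} shared by PIDs {pids}")
    if not report["unconfined"] and not report["shared"]:
        print("all QEMU processes confined with unique sVirt categories")
```

On a real host, feed it live output instead of the sample, for example `audit_qemu_labels(subprocess.check_output(["ps", "-eZ"], text=True))`; an empty report is the state in which Daniel's reasoning applies, while any finding is a host whose guests are not getting the per-process isolation sVirt is meant to provide.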