On 05/13/2015 12:52 PM, Daniel P. Berrange wrote:
> On Wed, May 13, 2015 at 12:38:23PM -0400, Chuck Anderson wrote:
>> In the news:
>>
>> http://www.zdnet.com/article/venom-security-flaw-millions-of-virtual-machines-datacenters/
>>
>> http://venom.crowdstrike.com/
>>
>> I'm wondering how SELinux/SVirt can protect against this?
>>
>> https://libvirt.org/drvqemu.html#securitysvirt
>>
>> My guess is that if an attacker subverts a qemu-kvm guest, they cannot
>> use that to access other VMs. But can they still crash the other
>> guests or the host itself?
>
> sVirt confines each QEMU process. So while you can crash the QEMU process
> associated with your own guest, you should not be able to escalate from
> there to take over the host, nor be able to compromise other guests on
> the same host. The attacker would need to find a second independent
> security flaw to let them escape SELinux in some manner, or some way
> to trick libvirt via its QEMU monitor connection. Nothing is guaranteed
> 100% foolproof, but in absence of other known bugs, sVirt provides good
> anti-venom for this flaw IMHO.
>
> Regards,
> Daniel

Just blogged on this, quoting Daniel's excellent statement.

http://danwalsh.livejournal.com/71489.html

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
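The per-process confinement Daniel describes rests on each QEMU process running as svirt_t with its own MCS category pair; the following shell check is an added example (not from the thread or from libvirt) that audits this on a host. It reads `ps -eo label,pid,comm` style lines (the input below is a constructed sample, and the `label` column name is assumed from procps) and flags any qemu process that is not confined as svirt_t, has no categories, or shares its category set with another guest.

```shell
#!/bin/sh
# Constructed samples in "label pid comm" form, as printed by
# `ps -eo label,pid,comm` (assumed procps column names), not real host output.
SAMPLE_OK='system_u:system_r:svirt_t:s0:c154,c689 2345 qemu-kvm
system_u:system_r:svirt_t:s0:c27,c412 2388 qemu-kvm
system_u:system_r:virtd_t:s0-s0:c0.c1023 1201 libvirtd'

SAMPLE_BAD='system_u:system_r:svirt_t:s0:c154,c689 2345 qemu-kvm
system_u:system_r:svirt_t:s0:c154,c689 2388 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2401 qemu-kvm'

# check_svirt: read "label pid comm" lines on stdin and report every qemu
# process that is not confined by sVirt. Returns 0 only when each guest runs
# as svirt_t with a non-empty MCS category set that no other guest shares,
# which is the property that keeps a compromised QEMU inside its own guest.
check_svirt() {
    status=0
    seen=""
    while read -r label pid comm; do
        # Only qemu processes are guests; libvirtd, the ps header etc. are skipped.
        case "$comm" in qemu*) ;; *) continue ;; esac
        setype=$(printf '%s' "$label" | cut -d: -f3)   # SELinux type
        cats=$(printf '%s' "$label" | cut -d: -f5)     # MCS categories, e.g. c154,c689
        if [ "$setype" != "svirt_t" ]; then
            echo "pid $pid: not confined by sVirt (type $setype)"
            status=1
            continue
        fi
        if [ -z "$cats" ]; then
            echo "pid $pid: svirt_t but no MCS categories, not separated from other guests"
            status=1
            continue
        fi
        case " $seen " in
            *" $cats "*)
                echo "pid $pid: category set $cats shared with another guest"
                status=1 ;;
        esac
        seen="$seen $cats"
    done
    return $status
}

# On a live host: ps -eo label,pid,comm | check_svirt
printf '%s\n' "$SAMPLE_OK" | check_svirt && echo "sample OK: every guest confined"
printf '%s\n' "$SAMPLE_BAD" | check_svirt || echo "sample BAD: findings above"
```

The disk images and other per-guest files should carry the same category pair as their QEMU process (`ls -Z` on the image path), which is the other half of what sVirt enforces.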