On Fri, Sep 19, 2014 at 04:29:53PM -0700, H. Peter Anvin wrote: > > Actually, a much bigger reason is because it lets rogue guest *user > space*, even will a well-behaved guest OS, do something potentially > harmful to the host. Right, but if the host kernel is dependent on the guest OS for security, the game is over. The Guest Kernel must NEVER been able to do anything harmful to the host. If it can, it is a severe security bug in KVM that must be fixed ASAP. - Ted -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html