On 09/16/2009 06:27 PM, Arnd Bergmann wrote:
That scenario is probably not so relevant for KVM, unless you consider the guest taking over the qemu host process a valid security threat.
It is. We address it by using SCM_RIGHTS for all sensitive operations and selinuxing qemu as tightly as possible.
-- I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html