On Wed, Jan 27, 2010 at 12:02:34PM -0600, Anthony Liguori wrote:
> On 01/27/2010 11:54 AM, Sridhar Samudrala wrote:
>> I too think that we should not block raw backend in qemu just because of
>> security reasons. It should be perfectly fine to use raw backend in
>> scenarios where qemu can be run as a privileged process.
>>
>> libvirt need not support raw backend until we figure out a secure way to
>> start qemu when passing raw fd. using network namespaces seems like a
>> good option.
>>
>
> Introducing something that is known to be problematic from a security
> perspective without any clear idea of what the use-case for it is is a
> bad idea IMHO.

vepa on existing kernels is one use-case.

> Regards,
>
> Anthony Liguori
>
>> Thanks
>> Sridhar