On 01/28/2010 10:37 AM, Michael S. Tsirkin wrote:
So actually, this is an interesting argument in favor of
turning disablenetwork from per-process as it is now
to per-file.
Yup. I think we really need a file-based restriction mechanism and so
far, neither disablenetwork or network namespace seems to do that.
I think you might be able to mitigate this with SELinux since I'm fairly
certain it can prevent SCM_RIGHTS but SELinux is not something that can
be enforced within a set of applications so we'd be relying on SELinux
being enabled (honestly, unlikely) and the policy being correctly
configured (unlikely in the general case at least).
Regards,
Anthony Liguori
Regards,
Anthony Liguori
Regards,
Anthony Liguori
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
