On 02/26/2010 01:48 PM, Peter Zijlstra wrote:
On Fri, 2010-02-26 at 12:47 +0200, Avi Kivity wrote:
Not really. The guest and host admins are usually different people, who
may, being admins, even actively hate each other. The guest admin would
probably regard it as a security hole. It's probably useful for the
single-host scenario, and of course for developers.
LOL, let me be the malicious host admin, then you can be the guest,
there is no way you can protect yourself. If you don't trust the host,
don't use it.
All your IO flows through the host, all your sekrit keys are in memory,
there is no security.
That's true. But guest admins are going to be unhappy about a file
server serving their data to the host all the same.
--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html