On 03/24/2010 05:50 PM, Joerg Roedel wrote:
On Wed, Mar 24, 2010 at 05:43:31PM +0200, Avi Kivity wrote:
On 03/24/2010 05:37 PM, Joerg Roedel wrote:
Even better. So a guest which breaks out can't even access its own
/sys/kvm/ directory. Perfect, it doesn't need that access anyway.
But what security label does that directory have? How can we make sure
that whoever needs access to those files, gets them?
Automatically created objects don't work well with that model. They're
simply missing information.
If we go the /proc/<pid>/kvm way then the directory should probably
inherit the label from /proc/<pid>/?
That's a security policy. The security people like their policies
outside the kernel.
For example, they may want a label that allows a trace context to read
the data, and also qemu itself for introspection.
Same could be applied to /sys/kvm/guest/ if we decide for it. The VM is
still bound to a single process with a /proc/<pid> after all.
Ditto.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html