On 11/10/2011 11:04 AM, Sasha Levin wrote: > On Thu, Nov 10, 2011 at 10:57 AM, Markus Armbruster <armbru@xxxxxxxxxx> wrote: > > Sasha Levin <levinsasha928@xxxxxxxxx> writes: > > > >> On Thu, Nov 10, 2011 at 9:57 AM, Markus Armbruster <armbru@xxxxxxxxxx> wrote: > > [...] > >>> Start with a clean read/write raw image. Probing declares it raw. > >>> Guest writes QCOW signature to it, with a backing file of its choice. > >>> > >>> Restart with the same image. Probing declares it QCOW2. Guest can read > >>> the backing file. Oops. > >> > >> Thats an excellent scenario why you'd want to have 'Secure KVM' with > >> seccomp filters :) > > > > Yup. > > > > For what it's worth, sVirt (use SELinux to secure virtualization) > > mitigates the problem. Doesn't mean we couldn't use "Secure KVM". > > How does it do it do that? You have a hypervisor trying to read > arbitrary files on the host FS, no? Trying and failing. sVirt will deny access to all files except those explicitly allowed by libvirt. -- error compiling committee.c: too many arguments to function -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
