On Wed, Mar 14, 2012 at 06:58:47PM +0800, Wen Congyang wrote: > At 03/14/2012 06:52 PM, Avi Kivity Wrote: > > On 03/14/2012 12:52 PM, Wen Congyang wrote: > >>> > >>>> If so, is this channel visible to guest userspace? If the channle is visible to guest > >>>> userspace, the program running in userspace may write the same message to the channel. > >>> > >>> Access control is via permissions. You can have udev scripts assign > >>> whatever uid and gid to the port of your interest. By default, all > >>> ports are only accessible to the root user. > >> > >> We should also prevent root user writing message to this channel if it is > >> used for panicked notification. > >> > > > > Why? root can easily cause a panic. > > > > root user can write the same message to virtio-serial while the guest is running... Unless you are running a MAC policy which strictly confines the root account, root can cause a kernel panic regardless of virtio-serial permissions in the guest: echo c > /proc/sysrq-trigger Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
