On Wed, Oct 02, 2013 at 04:33:18PM +0200, Paolo Bonzini wrote: > Il 02/10/2013 16:08, Alexander Graf ha scritto: > > > The hwrng is accessible by host userspace via /dev/mem. > > > > A guest should live on the same permission level as a user space > > application. If you run QEMU as UID 1000 without access to /dev/mem, why > > should the guest suddenly be able to directly access a memory location > > (MMIO) it couldn't access directly through a normal user space interface. > > > > It's basically a layering violation. > > With Michael's earlier patch in this series, the hwrng is accessible by > host userspace via /dev/hwrng, no? > Access to which can be controlled by its permission. Permission of /dev/kvm may be different. If we route hypercall via userspace and configure qemu to get entropy from /dev/hwrng everything will fall nicely together (except performance). -- Gleb. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
