On Thu, Mar 14, 2019 at 4:00 AM Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
> On 14/03/19 00:44, Andrea Arcangeli wrote:
> > Then I thought we can add a tristate so an open of /dev/kvm would also
> > allow the syscall to make things more user friendly because
> > unprivileged containers ideally should have writable mounts done with
> > nodev and no matter the privilege they shouldn't ever get a hold on
> > the KVM driver (and those who do, like kubevirt, will then just work).
>
> I wouldn't even bother with the KVM special case. Containers can use
> seccomp if they want a fine-grained policy.
>
> (Actually I wouldn't bother with the knob at all; the attack surface of
> userfaultfd is infinitesimal compared to the BPF JIT...).

Please name _one_ BPF JIT bug that affected unprivileged user space.