On Fri, Sep 19, 2014 at 04:29:53PM -0700, H. Peter Anvin wrote: > > Actually, a much bigger reason is because it lets rogue guest *user > space*, even will a well-behaved guest OS, do something potentially > harmful to the host. Right, but if the host kernel is dependent on the guest OS for security, the game is over. The Guest Kernel must NEVER been able to do anything harmful to the host. If it can, it is a severe security bug in KVM that must be fixed ASAP. - Ted _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
